
Windows Analysis Report
purchaseorder4.exe

Overview

General Information

Sample name: purchaseorder4.exe
Analysis ID: 1428748
MD5: 5914b824880c616d105867599dac3d76
SHA1: e55db01b770d5371a83be03f9e4a3f4b4520380e
SHA256: 49c7e194b5876770a6e8e680c8b606ab07ffca891d4921be7a38f9d600347b1b

Detection

Python Stealer
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Icon mismatch, binary includes an icon from a different legit application in order to fool users
Detected generic credential text file
Found pyInstaller with non standard icon
Initial sample is a PE file and has a suspicious name
Performs DNS queries to domains with low reputation
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Generic Python Stealer
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections

Classification

  • System is w10x64
  • purchaseorder4.exe (PID: 3060 cmdline: "C:\Users\user\Desktop\purchaseorder4.exe" MD5: 5914B824880C616D105867599DAC3D76)
    • purchaseorder4.exe (PID: 3224 cmdline: "C:\Users\user\Desktop\purchaseorder4.exe" MD5: 5914B824880C616D105867599DAC3D76)
      • cmd.exe (PID: 2668 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: purchaseorder4.exe PID: 3224 | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |

    System Summary

    Source: Network Connection, Author: frack113, Data: DestinationIp: 192.236.232.35, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\purchaseorder4.exe, Initiated: true, ProcessId: 3224, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49726
    No Snort rule has matched

    Source: purchaseorder4.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb source: purchaseorder4.exe, 00000002.00000002.2393327241.00007FF8B61CC000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: purchaseorder4.exe, 00000002.00000002.2389528884.00007FF8A82AC000.00000002.00000001.01000000.0000001C.sdmp
    Source: Binary string: ucrtbase.pdb source: purchaseorder4.exe, 00000002.00000002.2395097234.00007FF8B80CC000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: purchaseorder4.exe, 00000002.00000002.2396996550.00007FF8B90FB000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: tRSA_PRIME_INFOeqdmp1dmq1iqmpprime_infosRSAPrivateKeyRSAPublicKeyhashAlgorithmmaskGenAlgorithmsaltLengthtrailerFieldRSA_PSS_PARAMShashFuncmaskGenFuncpSourceFuncRSA_OAEP_PARAMScompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.2.1built on: Fri Feb 23 00:13:44 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmp
    Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: purchaseorder4.exe, 00000002.00000002.2390759212.00007FF8A8AA6000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: purchaseorder4.exe, 00000000.00000003.2286951405.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2396332002.00007FF8B8CB5000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-csg7dlje\src\rust\target\release\deps\cryptography_rust.pdb source: purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb}},GCTL source: purchaseorder4.exe, 00000002.00000002.2393327241.00007FF8B61CC000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: purchaseorder4.exe, 00000002.00000002.2390218021.00007FF8A8510000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-csg7dlje\src\rust\target\release\deps\cryptography_rust.pdbo source: purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: purchaseorder4.exe, 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb source: purchaseorder4.exe, 00000002.00000002.2394435263.00007FF8B78B0000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: purchaseorder4.exe, 00000002.00000002.2390218021.00007FF8A8592000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmp
    Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: purchaseorder4.exe, 00000002.00000002.2390759212.00007FF8A8AA6000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:40 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: purchaseorder4.exe, 00000002.00000002.2390218021.00007FF8A8510000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: purchaseorder4.exe, 00000000.00000003.2286728644.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2398128067.00007FF8BFAD1000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: purchaseorder4.exe, 00000002.00000002.2397697062.00007FF8B9F70000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: purchaseorder4.exe, 00000002.00000002.2393143390.00007FF8B6046000.00000002.00000001.01000000.00000019.sdmp
    Source: Binary string: crypto\engine\tb_digest.cENGINE_get_digestcrypto\buffer\buffer.cBUF_MEM_growBUF_MEM_grow_cleancrypto\packet.ccompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb!! source: purchaseorder4.exe, 00000002.00000002.2394002737.00007FF8B7833000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: purchaseorder4.exe, 00000000.00000003.2287077073.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2395553131.00007FF8B8257000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb source: purchaseorder4.exe, 00000002.00000002.2394002737.00007FF8B7833000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python310.pdb source: purchaseorder4.exe, 00000002.00000002.2391270361.00007FF8A8E1F000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: purchaseorder4.exe, 00000002.00000002.2394839291.00007FF8B8002000.00000002.00000001.01000000.0000000E.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: purchaseorder4.exe, 00000002.00000002.2396567848.00007FF8B8F73000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: purchaseorder4.exe, 00000002.00000002.2396996550.00007FF8B90FB000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: purchaseorder4.exe, 00000000.00000003.2287206065.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2397257835.00007FF8B93CD000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb** source: purchaseorder4.exe, 00000002.00000002.2394435263.00007FF8B78B0000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: ucrtbase.pdbUGP source: purchaseorder4.exe, 00000002.00000002.2395097234.00007FF8B80CC000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: purchaseorder4.exe, 00000002.00000002.2396757605.00007FF8B8F88000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: purchaseorder4.exe, 00000002.00000002.2387746863.000002607FD20000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: purchaseorder4.exe, 00000002.00000002.2393722010.00007FF8B77FD000.00000002.00000001.01000000.00000014.sdmp
    Source: C:\Users\user\Desktop\purchaseorder4.exe, Code function: 0_2_00007FF781708D00 FindFirstFileExW,FindClose,0_2_00007FF781708D00
    Source: C:\Users\user\Desktop\purchaseorder4.exe, Code function: 0_2_00007FF781718670 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF781718670
    Source: C:\Users\user\Desktop\purchaseorder4.exe, Code function: 0_2_00007FF7817226C4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7817226C4
    Source: C:\Users\user\Desktop\purchaseorder4.exe, File opened: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-datetime-l1-1-0.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe, File opened: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-console-l1-1-0.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe, File opened: C:\Users\user\AppData\Local\Temp\_MEI30602\pywin32_system32
    Source: C:\Users\user\Desktop\purchaseorder4.exe, File opened: C:\Users\user\AppData\Local\Temp\_MEI30602
    Source: C:\Users\user\Desktop\purchaseorder4.exe, File opened: C:\Users\user\AppData\Local\Temp\_MEI30602\win32
    Source: C:\Users\user\Desktop\purchaseorder4.exe, File opened: C:\Users\user\AppData\Local\Temp\_MEI30602\pythonwin

    Networking

    Source: DNS query: mail.dasmake.xyz
    Source: Joe Sandbox View, IP Address: 192.236.232.35
    Source: Joe Sandbox View, ASN Name: HOSTWINDSUS
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknown, DNS traffic detected: queries for: mail.dasmake.xyz
00000002.00000003.2363477134.00000260024AD000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370892205.00000260021F7000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361673045.0000026002D4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
    Source: purchaseorder4.exe, 00000002.00000002.2385896663.000002600374C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
    Source: purchaseorder4.exe, 00000002.00000002.2385726797.00000260034A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
    Source: purchaseorder4.exe, 00000002.00000002.2385726797.00000260034A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
    Source: purchaseorder4.exe, 00000002.00000002.2383616657.0000026002AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
    Source: purchaseorder4.exe, 00000002.00000002.2383356804.00000260027A0000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2312782863.00000260019FE000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2382065051.0000026001F90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
    Source: purchaseorder4.exe, 00000002.00000003.2362795977.0000026002BA1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363178642.0000026002BB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/unittest.html
    Source: purchaseorder4.exe, 00000002.00000002.2382065051.0000026001F90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/ActiveState/appdirs
    Source: purchaseorder4.exe, 00000002.00000003.2376472876.0000026002432000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365786087.0000026002408000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.0000026002389000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2320193569.0000026002351000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2382735562.0000026002432000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364056719.0000026002398000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2367721039.0000026002412000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2369520511.0000026002432000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2368437865.000002600242F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
    Source: purchaseorder4.exe, 00000002.00000003.2375092092.00000260023E9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2367178720.00000260023E8000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.0000026002389000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2320193569.0000026002351000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2377547206.00000260023E9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364056719.0000026002398000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2382735562.00000260023E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
    Source: purchaseorder4.exe, 00000002.00000003.2367178720.00000260023E8000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365786087.0000026002408000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.0000026002389000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2320193569.0000026002351000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364056719.0000026002398000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2367721039.0000026002412000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2369520511.0000026002413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
    Source: purchaseorder4.exe, 00000002.00000003.2372968442.00000260024AE000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364800314.0000026001A0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com
    Source: purchaseorder4.exe, 00000002.00000003.2363391268.0000026002BBC000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361633539.0000026003079000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365615919.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363847601.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361778148.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362795977.0000026002BA1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363178642.0000026002BB0000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362323038.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2376124949.0000026002D04000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2376606966.0000026002D24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
    Source: purchaseorder4.exe, 00000002.00000003.2379431977.0000026002C9F000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2369708079.0000026002C9B000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361778148.0000026002C97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.comsnippetV
    Source: purchaseorder4.exe, 00000000.00000003.2287206065.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000000.00000003.2287588502.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000000.00000003.2287077073.000001F981848000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
    Source: purchaseorder4.exe, 00000000.00000003.2287206065.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000000.00000003.2287588502.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000000.00000003.2287077073.000001F981848000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
    Source: purchaseorder4.exe, 00000000.00000003.2287206065.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000000.00000003.2287588502.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000000.00000003.2287077073.000001F981848000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
    Source: purchaseorder4.exe, 00000000.00000003.2287206065.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000000.00000003.2287588502.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000000.00000003.2287077073.000001F981848000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
    Source: purchaseorder4.exe, 00000002.00000002.2381972173.0000026001E90000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2380929512.0000026001B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
    Source: purchaseorder4.exe, 00000002.00000002.2383356804.00000260027A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/19622133/
    Source: purchaseorder4.exe, 00000002.00000003.2377263408.00000260021C1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2375092092.00000260023E9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2367178720.00000260023E8000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.0000026002389000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2377547206.00000260023E9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2372716624.00000260021C2000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364056719.0000026002398000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2382735562.00000260023E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
    Source: purchaseorder4.exe, 00000002.00000002.2386004860.0000026003810000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2385813257.00000260035C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
    Source: purchaseorder4.exe, 00000002.00000003.2373616727.0000026002D51000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361673045.0000026002D4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
    Source: purchaseorder4.exe, 00000002.00000002.2385813257.00000260035C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
    Source: purchaseorder4.exe, 00000002.00000003.2376124949.0000026002D28000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365615919.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363847601.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361778148.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370208370.0000026002D25000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2384296491.0000026002D2A000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362323038.0000026002D00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
    Source: purchaseorder4.exe, 00000002.00000002.2382065051.0000026001F90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
    Source: purchaseorder4.exe, 00000002.00000003.2312072659.0000026001DC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
    Source: purchaseorder4.exe, 00000002.00000003.2362913745.00000260021F7000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370892205.00000260021D1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2373172224.00000260021F8000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2376930091.00000260021E5000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370892205.00000260021F7000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362913745.00000260021CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
    Source: purchaseorder4.exe, 00000002.00000002.2386114592.0000026003A80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dabeaz.com/ply)
    Source: purchaseorder4.exe, 00000002.00000002.2382264597.00000260021A1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2377263408.0000026002191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dabeaz.com/ply)F
    Source: purchaseorder4.exe, 00000000.00000003.2287206065.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000000.00000003.2287588502.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000000.00000003.2287077073.000001F981848000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
    Source: purchaseorder4.exe, 00000002.00000002.2383856392.0000026002C22000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362383954.0000026002C20000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361568751.0000026002C13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
    Source: purchaseorder4.exe, 00000002.00000003.2312072659.0000026001DC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
    Source: purchaseorder4.exe, 00000002.00000003.2313024105.0000026001DD1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2312072659.0000026001DC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
    Source: purchaseorder4.exe, 00000002.00000003.2376124949.0000026002D28000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365615919.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363847601.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361778148.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370208370.0000026002D25000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2384296491.0000026002D2A000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362323038.0000026002D00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
    Source: purchaseorder4.exe, 00000002.00000003.2373616727.0000026002D51000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361673045.0000026002D4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
    Source: purchaseorder4.exe, 00000002.00000003.2375614799.0000026002CC4000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2384110948.0000026002CC7000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2321838846.0000026002CC3000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2369708079.0000026002C9B000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2372864592.0000026002CB6000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361778148.0000026002C97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
    Source: purchaseorder4.exe, 00000002.00000002.2383356804.00000260027A0000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2383445652.00000260028A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
    Source: purchaseorder4.exe, 00000002.00000002.2392174415.00007FF8B054C000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
    Source: purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmpString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
    Source: purchaseorder4.exe, 00000002.00000002.2386201220.0000026003C0C000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2386350724.0000026003D40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1
    Source: purchaseorder4.exe, 00000002.00000003.2368846916.0000026001D0F000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365786087.0000026002408000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.0000026002389000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2320193569.0000026002351000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364056719.0000026002398000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2367721039.0000026002412000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364489827.0000026001CE1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2369520511.0000026002413000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363242195.0000026001C91000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365987293.0000026001CE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/pprint.html
    Source: purchaseorder4.exe, 00000002.00000003.2368846916.0000026001D0F000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365786087.0000026002408000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.0000026002389000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2320193569.0000026002351000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364056719.0000026002398000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2367721039.0000026002412000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364489827.0000026001CE1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2369520511.0000026002413000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363242195.0000026001C91000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365987293.0000026001CE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/pprint.html#pprint.pprint
    Source: purchaseorder4.exe, 00000002.00000003.2314754444.00000260022A1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2368382323.00000260024C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/re.html
    Source: purchaseorder4.exe, 00000002.00000003.2314754444.0000026002241000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2318471205.000002600249B000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2382065051.0000026001F90000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2383268785.00000260026A0000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2314754444.00000260022A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/re.html#re.sub
    Source: purchaseorder4.exe, 00000002.00000002.2385639108.00000260033A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
    Source: purchaseorder4.exe, 00000002.00000002.2383616657.0000026002AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
    Source: purchaseorder4.exe, 00000002.00000002.2383356804.00000260027A0000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2381972173.0000026001E90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
    Source: purchaseorder4.exe, 00000002.00000003.2320193569.00000260024BE000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362456773.0000026002565000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370306983.0000026002585000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
    Source: purchaseorder4.exe, 00000002.00000003.2364699469.000002607F7ED000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2387352280.000002607F7F8000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365004051.000002607F7F0000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2377833600.000002607F7F6000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2375776012.000002607F7F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
    Source: purchaseorder4.exe, 00000002.00000002.2383445652.00000260028A0000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2381972173.0000026001E90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
    Source: purchaseorder4.exe, 00000000.00000003.2286347176.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2394596696.00007FF8B78C1000.00000002.00000001.01000000.00000010.sdmp, purchaseorder4.exe, 00000002.00000002.2392573903.00007FF8B27CE000.00000002.00000001.01000000.0000001F.sdmp, purchaseorder4.exe, 00000002.00000002.2394149892.00007FF8B7841000.00000002.00000001.01000000.00000013.sdmp, purchaseorder4.exe, 00000002.00000002.2393635056.00007FF8B6214000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://github.com/mhammond/pywin32
    Source: purchaseorder4.exe, 00000002.00000002.2386458097.0000026003EB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues
    Source: purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/8996
    Source: purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/9253
    Source: purchaseorder4.exe, 00000002.00000003.2378740529.0000026001D45000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361568751.0000026002C53000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2373045518.0000026002CC9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2369708079.0000026002C9B000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2372864592.0000026002CB6000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362383954.0000026002C53000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364489827.0000026001CE1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2377372287.0000026002CCF000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2383445652.00000260028A0000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2368225233.0000026001D2D000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2383856392.0000026002C53000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363242195.0000026001C91000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361778148.0000026002C97000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365987293.0000026001CE5000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2383163782.0000026002590000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
    Source: purchaseorder4.exe, 00000002.00000002.2383163782.0000026002590000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packagingen_py
    Source: purchaseorder4.exe, 00000002.00000002.2383268785.00000260026A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
    Source: purchaseorder4.exe, 00000002.00000002.2380929512.0000026001B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
    Source: purchaseorder4.exe, 00000002.00000003.2364306036.000002600236C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyparsing/pyparsing/wiki

    System Summary

    Source: initial sample; Static PE information: Filename: purchaseorder4.exe
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A80687102_2_00007FF8A8068710
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A808F7502_2_00007FF8A808F750
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A80267432_2_00007FF8A8026743
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A80BA7D02_2_00007FF8A80BA7D0
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A80A87F02_2_00007FF8A80A87F0
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A804B7F02_2_00007FF8A804B7F0
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A802A8302_2_00007FF8A802A830
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A80A98202_2_00007FF8A80A9820
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A80428402_2_00007FF8A8042840
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A80B58A02_2_00007FF8A80B58A0
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A80238A02_2_00007FF8A80238A0
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A81A18602_2_00007FF8A81A1860
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C5DA32_2_00007FF8A82C5DA3
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C53AD2_2_00007FF8A82C53AD
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A847A9002_2_00007FF8A847A900
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C23F62_2_00007FF8A82C23F6
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C5F102_2_00007FF8A82C5F10
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C4D092_2_00007FF8A82C4D09
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C3A942_2_00007FF8A82C3A94
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A8402C002_2_00007FF8A8402C00
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C1B272_2_00007FF8A82C1B27
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A83A2CD02_2_00007FF8A83A2CD0
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C54CF2_2_00007FF8A82C54CF
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C15C82_2_00007FF8A82C15C8
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C12992_2_00007FF8A82C1299
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C65642_2_00007FF8A82C6564
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C54342_2_00007FF8A82C5434
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C213A2_2_00007FF8A82C213A
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C53C62_2_00007FF8A82C53C6
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C4F432_2_00007FF8A82C4F43
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82DEF002_2_00007FF8A82DEF00
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C21712_2_00007FF8A82C2171
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C638E2_2_00007FF8A82C638E
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A84630102_2_00007FF8A8463010
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82DF0602_2_00007FF8A82DF060
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A847B0E02_2_00007FF8A847B0E0
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A84761002_2_00007FF8A8476100
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C6D5C2_2_00007FF8A82C6D5C
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C26EE2_2_00007FF8A82C26EE
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C23012_2_00007FF8A82C2301
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C1A502_2_00007FF8A82C1A50
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C36342_2_00007FF8A82C3634
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C6EBF2_2_00007FF8A82C6EBF
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A82C12172_2_00007FF8A82C1217
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: String function: 00007FF8A82C2A09 appears 60 times
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: String function: 00007FF8A80289A0 appears 31 times
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: String function: 00007FF8A82C1EF6 appears 377 times
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: String function: 00007FF8A82C4840 appears 33 times
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: String function: 00007FF8A82C405C appears 146 times
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: String function: 00007FF8A8028B90 appears 124 times
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: String function: 00007FF781702B10 appears 47 times
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: String function: 00007FF8A8029AD0 appears 169 times
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: String function: 00007FF8A82C2739 appears 122 times
    Source: ucrtbase.dll.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-path-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: python3.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: purchaseorder4.exe, 00000000.00000003.2286728644.000001F981848000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000000.00000003.2287206065.000001F981848000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000000.00000003.2286347176.000001F981848000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32ui.pyd0 vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000000.00000003.2286951405.000001F981848000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000000.00000003.2287588502.000001F981848000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000000.00000003.2287077073.000001F981848000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe Binary or memory string: OriginalFilename vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2396658543.00007FF8B8F76000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2390496248.00007FF8A8609000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2390863465.00007FF8A8ADB000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: OriginalFilenamelibsslH vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2397363813.00007FF8B93D2000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2397801698.00007FF8B9F7D000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2394596696.00007FF8B78C1000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilenamepywintypes310.dll0 vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2392573903.00007FF8B27CE000.00000002.00000001.01000000.0000001F.sdmp Binary or memory string: OriginalFilenamewin32crypt.pyd0 vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2395231987.00007FF8B8107000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2393884714.00007FF8B7815000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2396207483.00007FF8B8AFA000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2392979725.00007FF8B6036000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: OriginalFilename_sqlite3.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2394149892.00007FF8B7841000.00000002.00000001.01000000.00000013.sdmp Binary or memory string: OriginalFilenamewin32api.pyd0 vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2398222416.00007FF8BFAD7000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2394927686.00007FF8B800D000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2393215592.00007FF8B604E000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2396848915.00007FF8B8F92000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2393635056.00007FF8B6214000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilenamepythoncom310.dll0 vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2397131913.00007FF8B9104000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2395755927.00007FF8B825E000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: OriginalFilenamesqlite3.dll0 vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2396417159.00007FF8B8CB9000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2391959123.00007FF8A8F28000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamepython310.dll. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2389742802.00007FF8A82B1000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2397564631.00007FF8B9846000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2387746863.000002607FD20000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs purchaseorder4.exe
    Source: purchaseorder4.exe, 00000002.00000002.2387069015.000002607F770000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: windir=C:\WindowsXE;.BAT;.CMD;.VBp
    Source: classification engine Classification label: mal72.troj.spyw.winEXE@6/141@1/1
    Source: C:\Users\user\Desktop\purchaseorder4.exe Code function: 0_2_00007FF781708770 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF781708770
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4368:120:WilError_03
    Source: C:\Users\user\Desktop\purchaseorder4.exe File created: C:\Users\user\AppData\Local\Temp\_MEI30602
    Source: purchaseorder4.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\purchaseorder4.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: purchaseorder4.exe, 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
    Source: purchaseorder4.exe, 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
    Source: purchaseorder4.exe, 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
    Source: purchaseorder4.exe, 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
    Source: purchaseorder4.exe, purchaseorder4.exe, 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
    Source: purchaseorder4.exe, 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
    Source: purchaseorder4.exe, 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
    Source: C:\Users\user\Desktop\purchaseorder4.exe File read: C:\Users\user\Desktop\purchaseorder4.exe
    Source: unknown Process created: C:\Users\user\Desktop\purchaseorder4.exe "C:\Users\user\Desktop\purchaseorder4.exe"
    Source: C:\Users\user\Desktop\purchaseorder4.exe Process created: C:\Users\user\Desktop\purchaseorder4.exe "C:\Users\user\Desktop\purchaseorder4.exe"
    Source: C:\Users\user\Desktop\purchaseorder4.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: vcruntime140.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: libffi-7.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: vcruntime140_1.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: urlmon.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: iertutil.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: srvcli.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: netutils.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: secur32.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: libcrypto-1_1.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: libssl-1_1.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: sqlite3.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: dpapi.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: napinsp.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: wshbth.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe Section loaded: winrnr.dll
    Source: C:\Users\user\Desktop\purchaseorder4.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
    Source: purchaseorder4.exe Static PE information: Image base 0x140000000 > 0x60000000
    Source: purchaseorder4.exe Static file information: File size 18813776 > 1048576
    Source: purchaseorder4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: purchaseorder4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: purchaseorder4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: purchaseorder4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: purchaseorder4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: purchaseorder4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: purchaseorder4.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb source: purchaseorder4.exe, 00000002.00000002.2393327241.00007FF8B61CC000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: purchaseorder4.exe, 00000002.00000002.2389528884.00007FF8A82AC000.00000002.00000001.01000000.0000001C.sdmp
    Source: Binary string: ucrtbase.pdb source: purchaseorder4.exe, 00000002.00000002.2395097234.00007FF8B80CC000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: purchaseorder4.exe, 00000002.00000002.2396996550.00007FF8B90FB000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: tRSA_PRIME_INFOeqdmp1dmq1iqmpprime_infosRSAPrivateKeyRSAPublicKeyhashAlgorithmmaskGenAlgorithmsaltLengthtrailerFieldRSA_PSS_PARAMShashFuncmaskGenFuncpSourceFuncRSA_OAEP_PARAMScompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.2.1built on: Fri Feb 23 00:13:44 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmp
    Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: purchaseorder4.exe, 00000002.00000002.2390759212.00007FF8A8AA6000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: purchaseorder4.exe, 00000000.00000003.2286951405.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2396332002.00007FF8B8CB5000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-csg7dlje\src\rust\target\release\deps\cryptography_rust.pdb source: purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb}},GCTL source: purchaseorder4.exe, 00000002.00000002.2393327241.00007FF8B61CC000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: purchaseorder4.exe, 00000002.00000002.2390218021.00007FF8A8510000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-csg7dlje\src\rust\target\release\deps\cryptography_rust.pdbo source: purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: purchaseorder4.exe, 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb source: purchaseorder4.exe, 00000002.00000002.2394435263.00007FF8B78B0000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: purchaseorder4.exe, 00000002.00000002.2390218021.00007FF8A8592000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmp
    Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: purchaseorder4.exe, 00000002.00000002.2390759212.00007FF8A8AA6000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:40 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: purchaseorder4.exe, 00000002.00000002.2390218021.00007FF8A8510000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: purchaseorder4.exe, 00000000.00000003.2286728644.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2398128067.00007FF8BFAD1000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: purchaseorder4.exe, 00000002.00000002.2397697062.00007FF8B9F70000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: purchaseorder4.exe, 00000002.00000002.2393143390.00007FF8B6046000.00000002.00000001.01000000.00000019.sdmp
    Source: Binary string: crypto\engine\tb_digest.cENGINE_get_digestcrypto\buffer\buffer.cBUF_MEM_growBUF_MEM_grow_cleancrypto\packet.ccompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb!! source: purchaseorder4.exe, 00000002.00000002.2394002737.00007FF8B7833000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: purchaseorder4.exe, 00000000.00000003.2287077073.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2395553131.00007FF8B8257000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb source: purchaseorder4.exe, 00000002.00000002.2394002737.00007FF8B7833000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python310.pdb source: purchaseorder4.exe, 00000002.00000002.2391270361.00007FF8A8E1F000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: purchaseorder4.exe, 00000002.00000002.2394839291.00007FF8B8002000.00000002.00000001.01000000.0000000E.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: purchaseorder4.exe, 00000002.00000002.2396567848.00007FF8B8F73000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: purchaseorder4.exe, 00000002.00000002.2396996550.00007FF8B90FB000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: purchaseorder4.exe, 00000000.00000003.2287206065.000001F981848000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2397257835.00007FF8B93CD000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb** source: purchaseorder4.exe, 00000002.00000002.2394435263.00007FF8B78B0000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: ucrtbase.pdbUGP source: purchaseorder4.exe, 00000002.00000002.2395097234.00007FF8B80CC000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: purchaseorder4.exe, 00000002.00000002.2396757605.00007FF8B8F88000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: purchaseorder4.exe, 00000002.00000002.2387746863.000002607FD20000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: purchaseorder4.exe, 00000002.00000002.2393722010.00007FF8B77FD000.00000002.00000001.01000000.00000014.sdmp
    Source: purchaseorder4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: purchaseorder4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: purchaseorder4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: purchaseorder4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: purchaseorder4.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: purchaseorder4.exeStatic PE information: section name: _RDATA
    Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
    Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
    Source: python310.dll.0.drStatic PE information: section name: PyRuntim
    Source: mfc140u.dll.0.drStatic PE information: section name: .didat
    Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA

    Persistence and Installation Behavior

    Source: C:\Users\user\Desktop\purchaseorder4.exeProcess created: "C:\Users\user\Desktop\purchaseorder4.exe"
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\win32\win32crypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Pythonwin\win32ui.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_cbc.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_ghash_clmul.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\sqlite3.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\win32com\shell\shell.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\_sqlite3.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_SHA224.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_SHA1.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\_ssl.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\pywin32_system32\pywintypes310.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\win32\_win32sysloader.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\VCRUNTIME140_1.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_RIPEMD160.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\ucrtbase.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Pythonwin\mfc140u.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_chacha20.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\_decimal.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\_hashlib.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_MD4.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-console-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_SHA256.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_ocb.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_poly1305.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-file-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_aes.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_SHA512.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_SHA384.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\PublicKey\_ec_ws.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_cfb.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_MD2.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-file-l2-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\libcrypto-1_1.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\python3.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\PublicKey\_x25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Util\_strxor.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\_asyncio.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-util-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\PublicKey\_ed25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_Salsa20.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\_multiprocessing.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-string-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\win32\win32api.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_ghash_portable.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\pywin32_system32\pythoncom310.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_BLAKE2b.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_ofb.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_des3.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-path-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\libffi-7.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\PublicKey\_ed448.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\libssl-1_1.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\pyexpat.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\VCRUNTIME140.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-file-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Math\_modexp.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Protocol\_scrypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_des.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_aesni.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_ARC4.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_MD5.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\_ctypes.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_BLAKE2s.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_keccak.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\_overlapped.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_ecb.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\_bz2.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\win32\win32trace.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\cryptography\hazmat\bindings\_rust.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\win32\win32evtlog.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_cast.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\_lzma.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_ctr.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_arc2.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Util\_cpuid_c.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\_cffi_backend.cp310-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI30602\python310.dllJump to dropped file

    Hooking and other Techniques for Hiding and Protection

    Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: adobe 12.png
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 0_2_00007FF7817053F0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7817053F0
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\win32\win32crypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Pythonwin\win32ui.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_cbc.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_ghash_clmul.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\win32com\shell\shell.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\_sqlite3.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_SHA224.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_SHA1.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\_ssl.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\pywin32_system32\pywintypes310.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\win32\_win32sysloader.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_RIPEMD160.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Pythonwin\mfc140u.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_chacha20.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\_decimal.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\_hashlib.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_MD4.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-console-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_SHA256.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_poly1305.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_ocb.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-file-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_aes.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_SHA512.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\PublicKey\_ec_ws.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_SHA384.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_cfb.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_MD2.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-file-l2-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\python3.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\PublicKey\_x25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Util\_strxor.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\_asyncio.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-util-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\PublicKey\_ed25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_Salsa20.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\_multiprocessing.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-string-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_ghash_portable.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\win32\win32api.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_BLAKE2b.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\pywin32_system32\pythoncom310.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_ofb.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_des3.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-path-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\PublicKey\_ed448.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\pyexpat.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-file-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Math\_modexp.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Protocol\_scrypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_des.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_aesni.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_ARC4.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_MD5.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\_ctypes.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_BLAKE2s.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash\_keccak.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\_overlapped.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_ecb.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\_bz2.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\win32\win32trace.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\cryptography\hazmat\bindings\_rust.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\win32\win32evtlog.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_cast.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\_lzma.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_ctr.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher\_raw_arc2.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Util\_cpuid_c.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\_cffi_backend.cp310-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI30602\python310.dllJump to dropped file
    Source: C:\Users\user\Desktop\purchaseorder4.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17426
    Source: C:\Users\user\Desktop\purchaseorder4.exeAPI coverage: 2.1 %
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 0_2_00007FF781708D00 FindFirstFileExW,FindClose,0_2_00007FF781708D00
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 0_2_00007FF781718670 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF781718670
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 0_2_00007FF7817226C4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7817226C4
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A802FEB0 GetSystemInfo,2_2_00007FF8A802FEB0
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-datetime-l1-1-0.dllJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-console-l1-1-0.dllJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI30602\pywin32_system32Jump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI30602Jump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI30602\win32Jump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI30602\pythonwinJump to behavior
    Source: purchaseorder4.exe, 00000002.00000003.2311109674.0000026001CD8000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2369957335.0000026001CCC000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2311526856.0000026001CCE000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2379737936.0000026001CD9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363242195.0000026001C91000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364762480.0000026001CCA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 0_2_00007FF78171B3CC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF78171B3CC
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 0_2_00007FF7817242D0 GetProcessHeap,0_2_00007FF7817242D0
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 0_2_00007FF78170CA9C SetUnhandledExceptionFilter,0_2_00007FF78170CA9C
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 0_2_00007FF78170C8BC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF78170C8BC
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 0_2_00007FF78170C030 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF78170C030
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A814F0C0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A814F0C0
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A81A2A60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A81A2A60
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 2_2_00007FF8A81A3028 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A81A3028
    Source: C:\Users\user\Desktop\purchaseorder4.exeProcess created: C:\Users\user\Desktop\purchaseorder4.exe "C:\Users\user\Desktop\purchaseorder4.exe"Jump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeCode function: 0_2_00007FF78172A620 cpuid 0_2_00007FF78172A620
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\PublicKey VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\Crypto\Util VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\Pythonwin VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\certifi VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\cryptography-42.0.5.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\ucrtbase.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602 VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\_ctypes.pyd VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\_bz2.pyd VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\_lzma.pyd VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\win32 VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\Pythonwin VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\pywin32_system32 VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-console-l1-1-0.dll VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-datetime-l1-1-0.dll VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-debug-l1-1-0.dll VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-errorhandling-l1-1-0.dll VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-file-l1-2-0.dll VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-file-l2-1-0.dll VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-heap-l1-1-0.dll VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-interlocked-l1-1-0.dll VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-memory-l1-1-0.dll VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-path-l1-1-0.dll VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-processthreads-l1-1-1.dll VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-string-l1-1-0.dll VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\api-ms-win-core-util-l1-1-0.dll VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\_socket.pyd VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\select.pyd VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\pyexpat.pyd VolumeInformation
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\_queue.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\Pythonwin VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\pywin32_system32\pywintypes310.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\Pythonwin VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\pywin32_system32\pythoncom310.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\win32\win32api.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\win32com VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\win32com VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\win32com VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\Pythonwin VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\cryptography-42.0.5.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\cryptography-42.0.5.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\cryptography-42.0.5.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\cryptography-42.0.5.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\cryptography-42.0.5.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI30602\_ssl.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exeQueries volume information: C:\Users\user\Desktop\purchaseorder4.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\purchaseorder4.exe Code function: 0_2_00007FF78170C7A0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF78170C7A0
    Source: C:\Users\user\Desktop\purchaseorder4.exe Code function: 0_2_00007FF781726B50 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF781726B50
    Source: C:\Users\user\Desktop\purchaseorder4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: C:\Users\user\Desktop\purchaseorder4.exe File created: C:\Users\user\AppData\Local\Temp\Browser\google-chrome\Download_History.txt
    Source: C:\Users\user\Desktop\purchaseorder4.exe File created: C:\Users\user\AppData\Local\Temp\Browser\microsoft-edge\Autofill_Data.txt
    Source: C:\Users\user\Desktop\purchaseorder4.exe File created: C:\Users\user\AppData\Local\Temp\Browser\microsoft-edge\Browser_History.txt
    Source: C:\Users\user\Desktop\purchaseorder4.exe File created: C:\Users\user\AppData\Local\Temp\Browser\microsoft-edge\Download_History.txt
    Source: C:\Users\user\Desktop\purchaseorder4.exe File created: C:\Users\user\AppData\Local\Temp\Browser\google-chrome\Saved_Passwords.txt
    Source: C:\Users\user\Desktop\purchaseorder4.exe File created: C:\Users\user\AppData\Local\Temp\Browser\google-chrome\Browser_History.txt
    Source: C:\Users\user\Desktop\purchaseorder4.exe File created: C:\Users\user\AppData\Local\Temp\Browser\microsoft-edge\Saved_Credit_Cards.txt
    Source: C:\Users\user\Desktop\purchaseorder4.exe File created: C:\Users\user\AppData\Local\Temp\Browser\google-chrome\Saved_Credit_Cards.txt
    Source: C:\Users\user\Desktop\purchaseorder4.exe File created: C:\Users\user\AppData\Local\Temp\Browser\google-chrome\Autofill_Data.txt
    Source: C:\Users\user\Desktop\purchaseorder4.exe File created: C:\Users\user\AppData\Local\Temp\Browser\microsoft-edge\Saved_Passwords.txt
    Source: C:\Users\user\Desktop\purchaseorder4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
    Source: C:\Users\user\Desktop\purchaseorder4.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
    Source: C:\Users\user\Desktop\purchaseorder4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
    Source: C:\Users\user\Desktop\purchaseorder4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
    Source: C:\Users\user\Desktop\purchaseorder4.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
    Source: Yara match File source: Process Memory Space: purchaseorder4.exe PID: 3224, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: purchaseorder4.exe PID: 3224, type: MEMORYSTR
    Source: C:\Users\user\Desktop\purchaseorder4.exe Code function: 2_2_00007FF8A82C2B62 bind,WSAGetLastError,2_2_00007FF8A82C2B62
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 24 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    http://www.cl.cam.ac.uk/~mgk25/iso-time.html | 0% | URL Reputation | safe | -
    https://foss.heptapod.net/pypy/pypy/-/issues/3539 | 0% | URL Reputation | safe | -
    http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html | 0% | URL Reputation | safe | -
    https://sectigo.com/CPS0 | 0% | URL Reputation | safe | -
    http://www.tarsnap.com/scrypt/scrypt-slides.pdf | 0% | URL Reputation | safe | -
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | - | unknown
    fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | - | unknown
    dasmake.xyz | 192.236.232.35 | true | true | - | unknown
    mail.dasmake.xyz | unknown | unknown | true | - | unknown
    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                high
                                                                                                                https://foss.heptapod.net/pypy/pypy/-/issues/3539purchaseorder4.exe, 00000002.00000002.2383616657.0000026002AA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.purchaseorder4.exe, 00000002.00000003.2366859785.0000026001DF4000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364867749.0000026001DE9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2376285051.0000026001DF5000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362838082.0000026001DCA000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2372040103.0000026001DF5000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2366243898.0000026001DEE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://google.com/purchaseorder4.exe, 00000002.00000003.2376472876.0000026002432000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365786087.0000026002408000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.0000026002389000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2320193569.0000026002351000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2382735562.0000026002432000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364056719.0000026002398000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2367721039.0000026002412000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2369520511.0000026002432000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2368437865.000002600242F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://mahler:8092/site-updates.pypurchaseorder4.exe, 00000002.00000003.2373045518.0000026002CC9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2321838846.0000026002CC3000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2369708079.0000026002C9B000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2372864592.0000026002CB6000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2377372287.0000026002CCF000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2384164813.0000026002CD2000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361778148.0000026002C97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      low
                                                                                                                      http://.../back.jpegpurchaseorder4.exe, 00000002.00000002.2385896663.000002600374C000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2321108231.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2321055713.0000026002D08000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        low
                                                                                                                        http://tools.ietf.org/html/rfc5869purchaseorder4.exe, 00000002.00000003.2373616727.0000026002D51000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361673045.0000026002D4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.python.org/download/releases/2.3/mro/.purchaseorder4.exe, 00000002.00000002.2387831051.000002607FDE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.htmlpurchaseorder4.exe, 00000002.00000003.2362913745.00000260021F7000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370892205.00000260021D1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2373172224.00000260021F8000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365786087.000002600247A000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363347083.0000026002501000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2375092092.00000260023E9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2366999934.000002600247D000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2367178720.00000260023E8000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2376930091.00000260021E5000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.00000260024A9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365615919.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.0000026002389000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2366123429.0000026002504000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2377547206.00000260023E9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.000002600247A000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2378170065.0000026002504000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 
00000002.00000003.2377137380.0000026002504000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370892205.00000260021F7000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363847601.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361778148.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364056719.0000026002398000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            https://httpbin.org/postpurchaseorder4.exe, 00000002.00000003.2369319467.0000026001DC5000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2368583100.0000026001DC2000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364596999.0000026001D7F000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365077127.0000026001DC0000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364489827.0000026001CE1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363242195.0000026001C91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://github.com/Ousret/charset_normalizerpurchaseorder4.exe, 00000002.00000003.2320193569.00000260024BE000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362456773.0000026002565000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370306983.0000026002585000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://docs.python.org/3/library/re.html#re.subpurchaseorder4.exe, 00000002.00000003.2314754444.0000026002241000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2318471205.000002600249B000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2382065051.0000026001F90000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2383268785.00000260026A0000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2314754444.00000260022A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://github.com/urllib3/urllib3/issues/2920purchaseorder4.exe, 00000002.00000002.2385896663.00000260036D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1purchaseorder4.exe, 00000002.00000002.2386201220.0000026003C0C000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2386350724.0000026003D40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://yahoo.com/purchaseorder4.exe, 00000002.00000003.2365786087.0000026002408000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.0000026002389000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2320193569.0000026002351000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370232117.0000026002426000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364056719.0000026002398000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2367721039.0000026002412000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2369520511.0000026002413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://setuptools.pypa.io/en/latest/userguide/declarative_config.html#opt-2purchaseorder4.exe, 00000002.00000002.2383445652.00000260028A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regularpurchaseorder4.exe, 00000002.00000003.2314754444.0000026002241000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365095310.00000260019A3000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365786087.0000026002408000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.00000260024A9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.0000026002389000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2367385651.0000026001E6C000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2320193569.0000026002351000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2320193569.00000260024BE000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370624164.0000026001E81000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363477134.00000260024AD000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2318471205.000002600249B000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364056719.0000026002398000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370561505.0000026001E7E000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2367721039.0000026002412000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2366570656.00000260024C6000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2369520511.0000026002413000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 
00000002.00000003.2362838082.0000026001E6A000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364867749.0000026001E6A000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2369070072.0000026001E75000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2366044375.0000026001A09000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365517528.0000026001E6A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6purchaseorder4.exe, 00000002.00000002.2383856392.0000026002C22000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362383954.0000026002C20000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361568751.0000026002C13000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://html.spec.whatwg.org/multipage/purchaseorder4.exe, 00000002.00000003.2376194535.0000026001CF9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364489827.0000026001CE1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2373747156.0000026001CF8000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363242195.0000026001C91000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2374888809.0000026001CF9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365987293.0000026001CE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://github.com/pyparsing/pyparsing/wikipurchaseorder4.exe, 00000002.00000003.2364306036.000002600236C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningspurchaseorder4.exe, 00000002.00000002.2385813257.00000260035C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://github.com/pyca/cryptography/issues/9253purchaseorder4.exe, 00000002.00000002.2388918381.00007FF8A7E68000.00000002.00000001.01000000.00000032.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdfpurchaseorder4.exe, 00000002.00000003.2365615919.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363847601.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2361778148.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2376865609.0000026002D0C000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2382240128.0000026002190000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362323038.0000026002D00000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2376124949.0000026002D04000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.iana.org/time-zones/repository/tz-link.htmlpurchaseorder4.exe, 00000002.00000003.2312072659.0000026001DC9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://tools.ietf.org/html/rfc5297purchaseorder4.exe, 00000002.00000002.2386004860.0000026003810000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2385813257.00000260035C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://upload.pypi.org/legacy/purchaseorder4.exe, 00000002.00000002.2382065051.0000026001F90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://docs.python.org/library/itertools.html#recipespurchaseorder4.exe, 00000002.00000002.2383356804.00000260027A0000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2312782863.00000260019FE000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2382065051.0000026001F90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://tools.ietf.org/html/rfc4880purchaseorder4.exe, 00000002.00000003.2377263408.00000260021C1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2375092092.00000260023E9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2367178720.00000260023E8000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.0000026002389000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2377547206.00000260023E9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2372716624.00000260021C2000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364056719.0000026002398000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2382735562.00000260023E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://requests.readthedocs.iopurchaseorder4.exe, 00000002.00000003.2369319467.0000026001DC5000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2368583100.0000026001DC2000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2386004860.0000026003810000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364596999.0000026001D7F000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2365077127.0000026001DC0000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364489827.0000026001CE1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2363242195.0000026001C91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdfpurchaseorder4.exe, 00000002.00000003.2362913745.00000260021F7000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370892205.00000260021D1000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2373172224.00000260021F8000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2376930091.00000260021E5000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2370892205.00000260021F7000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362913745.00000260021CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbcapurchaseorder4.exe, 00000002.00000002.2383356804.00000260027A0000.00000004.00001000.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2381972173.0000026001E90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://packaging.python.org/en/latest/specifications/declaring-project-metadata/purchaseorder4.exe, 00000002.00000003.2365786087.00000260024A9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2368875159.00000260024AA000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2362516738.00000260024A9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2320193569.00000260024A9000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000002.2382975884.00000260024AB000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2375836031.00000260024AB000.00000004.00000020.00020000.00000000.sdmp, purchaseorder4.exe, 00000002.00000003.2364056719.00000260024A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://github.com/pypa/setuptools/issues/1024.purchaseorder4.exe, 00000002.00000002.2383268785.00000260026A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
IP:192.236.232.35
Domain:dasmake.xyz
Country:United States
ASN:54290
ASN Name:HOSTWINDSUS
Malicious:true
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1428748
Start date and time:2024-04-19 14:56:13 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 59s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:5
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:purchaseorder4.exe
Detection:MAL
Classification:mal72.troj.spyw.winEXE@6/141@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 70%
• Number of executed functions: 56
• Number of non-executed functions: 158
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded IPs from analysis (whitelisted): 40.126.7.32, 40.126.28.13, 40.126.28.14, 40.126.28.20, 40.126.7.35, 40.126.28.21, 40.126.28.22, 40.126.28.11, 20.12.23.50, 52.168.117.173
• Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, dns.msftncsi.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• VT rate limit hit for: purchaseorder4.exe
No simulations
Match | Associated Sample Name / URL | Detection | Threat Name
192.236.232.35 | thurs20.exe | malicious | Python Stealer
192.236.232.35 | thurs17.exe | malicious | Python Stealer
192.236.232.35 | thurs21.exe | malicious | Python Stealer
192.236.232.35 | thurs19.exe | malicious | Python Stealer
192.236.232.35 | thurs18.exe | malicious | Python Stealer
192.236.232.35 | thurs14.exe | malicious | Python Stealer
192.236.232.35 | thurs9.exe | malicious | Python Stealer
192.236.232.35 | thurs13.exe | malicious | Python Stealer
192.236.232.35 | thurs15.exe | malicious | Python Stealer
192.236.232.35 | thurs16.exe | malicious | Python Stealer
No context
Process:C:\Users\user\Desktop\purchaseorder4.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=store
Category:dropped
Size (bytes):1690
Entropy (8bit):4.327805491443421
Encrypted:false
SSDEEP:48:9dTLGHLLpuMItGTTIhOIRf1PnMtzsrh/Rt:D3KA/t+udRf1PnMtwF/Rt
MD5:72C62D8D2CF46487B0F1C44E54715363
SHA1:83F135CE3B564B31FD052369A901E0527C32224E
SHA-256:9B986FDC30683CD49D2E97620DCF53A30A3AC035C247B09AE0776E6BB0CBD7CC
SHA-512:DD89D0A561F5D23ACB9B6AA4323B4836223556FE163B8438F19EE48EA8299ABF5CA6DD2E8E5F7612BAA77E9528BFAA63AE3B4EC0860410BF1A15858E71385F0D
Malicious:false
Reputation:low
Preview:PK......../w.X................google-chrome/PK......../w.X................microsoft-edge/PK......../w.X................google-chrome/Autofill_Data.txt..PK......../w.X............!...google-chrome/Browser_History.txt..PK......../w.X............"...google-chrome/Download_History.txt..PK......../w.X............$...google-chrome/Saved_Credit_Cards.txt..PK......../w.X............!...google-chrome/Saved_Passwords.txt..PK......../w.X............ ...microsoft-edge/Autofill_Data.txt..PK......../w.X............"...microsoft-edge/Browser_History.txt..PK......../w.X............#...microsoft-edge/Download_History.txt..PK......../w.X............%...microsoft-edge/Saved_Credit_Cards.txt..PK......../w.X............"...microsoft-edge/Saved_Passwords.txt..PK........../w.X.........................A....google-chrome/PK........../w.X.........................A,...microsoft-edge/PK........../w.X..........................Y...google-chrome/Autofill_Data.txtPK........../w.X............!.................google-c

Process:C:\Users\user\Desktop\purchaseorder4.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):11264
Entropy (8bit):4.703513333396807
Encrypted:false
SSDEEP:96:nDzb9VD9daQ2iTrqT+6Zdp/Q0I1uLfcC75JiC4Rs89EcYyGDV90OcX6gY/7ECFV:Dzz9damqTrpYTst0E5DVPcqgY/79X
MD5:6176101B7C377A32C01AE3EDB7FD4DE6
SHA1:5F1CB443F9D677F313BEC07C5241AEAB57502F5E
SHA-256:EFEA361311923189ECBE3240111EFBA329752D30457E0DBE9628A82905CD4BDB
SHA-512:3E7373B71AE0834E96A99595CFEF2E96C0F5230429ADC0B5512F4089D1ED0D7F7F0E32A40584DFB13C41D257712A9C4E9722366F0A21B907798AE79D8CEDCF30
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
                                                                                                                                                                                                                                                                      • Filename: s.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: s.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: cs2aimwallhack.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: SecuriteInfo.com.Python.Stealer.1447.10844.3562.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: SecuriteInfo.com.Win64.Evo-gen.1756.25811.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: 00-OneDrive.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: 00-OneDrive.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: 0K6pKPTUmF.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: mnmg.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: thurs20.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):13312
                                                                                                                                                                                                                                                                      Entropy (8bit):4.968452734961967
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:JF3TgNlF/1Nt5aSd4+1ijg0NLfFNJSCqsstXHTeH5ht47qMbxbfDqbwYH/kcX6gT:WF/1nb2mhQtkXHTeZ87VDqrMcqgYvEp
                                                                                                                                                                                                                                                                      MD5:371776A7E26BAEB3F75C93A8364C9AE0
                                                                                                                                                                                                                                                                      SHA1:BF60B2177171BA1C6B4351E6178529D4B082BDA9
                                                                                                                                                                                                                                                                      SHA-256:15257E96D1CA8480B8CB98F4C79B6E365FE38A1BA9638FC8C9AB7FFEA79C4762
                                                                                                                                                                                                                                                                      SHA-512:C23548FBCD1713C4D8348917FF2AB623C404FB0E9566AB93D147C62E06F51E63BDAA347F2D203FE4F046CE49943B38E3E9FA1433F6455C97379F2BC641AE7CE9
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                      • Filename: s.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: s.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: TiKj3IVDj4.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: TiKj3IVDj4.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: cs2aimwallhack.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: SecuriteInfo.com.Python.Stealer.1447.10844.3562.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: SecuriteInfo.com.Win64.Evo-gen.1756.25811.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: 00-OneDrive.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: 00-OneDrive.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: 0K6pKPTUmF.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                                                                                      Entropy (8bit):5.061461040216793
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:ldF/1nb2mhQtkXn0t/WS60YYDEiqvdvGyv9lkVcqgYvEMo:v2f6XSZ6XYD6vdvGyv9MgYvEMo
                                                                                                                                                                                                                                                                      MD5:CB5238E2D4149636377F9A1E2AF6DC57
                                                                                                                                                                                                                                                                      SHA1:038253BABC9E652BA4A20116886209E2BCCF35AC
                                                                                                                                                                                                                                                                      SHA-256:A8D3BB9CD6A78EBDB4F18693E68B659080D08CB537F9630D279EC9F26772EFC7
                                                                                                                                                                                                                                                                      SHA-512:B1E6AB509CF1E5ECC6A60455D6900A76514F8DF43F3ABC3B8D36AF59A3DF8A868B489ED0B145D0D799AAC8672CBF5827C503F383D3F38069ABF6056ECCD87B21
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                                                                                      Entropy (8bit):5.236167046748013
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:/siHXqpoUol3xZhRyQX5lDnRDFYav+tcqgRvE:h6D+XBDgDgRvE
                                                                                                                                                                                                                                                                      MD5:D9E7218460AEE693BEA07DA7C2B40177
                                                                                                                                                                                                                                                                      SHA1:9264D749748D8C98D35B27BEFE6247DA23FF103D
                                                                                                                                                                                                                                                                      SHA-256:38E423D3BCC32EE6730941B19B7D5D8872C0D30D3DD8F9AAE1442CB052C599AD
                                                                                                                                                                                                                                                                      SHA-512:DDB579E2DEA9D266254C0D9E23038274D9AE33F0756419FD53EC6DC1A27D1540828EE8F4AD421A5CFFD9B805F1A68F26E70BDC1BAB69834E8ACD6D7BB7BDB0DB
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):36352
                                                                                                                                                                                                                                                                      Entropy (8bit):6.558176937399355
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:Dz2P+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuCLg46:DzeqWB7YJlmLJ3oD/S4j990th9VCsC
                                                                                                                                                                                                                                                                      MD5:F751792DF10CDEED391D361E82DAF596
                                                                                                                                                                                                                                                                      SHA1:3440738AF3C88A4255506B55A673398838B4CEAC
                                                                                                                                                                                                                                                                      SHA-256:9524D1DADCD2F2B0190C1B8EDE8E5199706F3D6C19D3FB005809ED4FEBF3E8B5
                                                                                                                                                                                                                                                                      SHA-512:6159F245418AB7AD897B02F1AADF1079608E533B9C75006EFAF24717917EAA159846EE5DFC0E85C6CFF8810319EFECBA80C1D51D1F115F00EC1AFF253E312C00
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):15872
                                                                                                                                                                                                                                                                      Entropy (8bit):5.285191078037458
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:wJBjJHEkEPYi3Xd+dc26E4++yuqAyXW9wifD4jqccqgwYUMvEW:ikRwi3wO26Ef+yuIm9PfD7wgwYUMvE
                                                                                                                                                                                                                                                                      MD5:BBEA5FFAE18BF0B5679D5C5BCD762D5A
                                                                                                                                                                                                                                                                      SHA1:D7C2721795113370377A1C60E5CEF393473F0CC5
                                                                                                                                                                                                                                                                      SHA-256:1F4288A098DA3AAC2ADD54E83C8C9F2041EC895263F20576417A92E1E5B421C1
                                                                                                                                                                                                                                                                      SHA-512:0932EC5E69696D6DD559C30C19FC5A481BEFA38539013B9541D84499F2B6834A2FFE64A1008A1724E456FF15DDA6268B7B0AD8BA14918E2333567277B3716CC4
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                                                                                                                      Entropy (8bit):5.505471888568532
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:vd9VkyQ5f8vjVaCHpKpTTjaNe7oca2DW3Q2dhmdcqgwNeecBih:JkP5cjIGpKlqD2D4kzgwNeE
                                                                                                                                                                                                                                                                      MD5:D2175300E065347D13211F5BF7581602
                                                                                                                                                                                                                                                                      SHA1:3AE92C0B0ECDA1F6B240096A4E68D16D3DB1FFB0
                                                                                                                                                                                                                                                                      SHA-256:94556934E3F9EE73C77552D2F3FC369C02D62A4C9E7143E472F8E3EE8C00AEE1
                                                                                                                                                                                                                                                                      SHA-512:6156D744800206A431DEE418A1C561FFB45D726DC75467A91D26EE98503B280C6595CDEA02BDA6A023235BD010835EA1FC9CB843E9FEC3501980B47B6B490AF7
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):20992
                                                                                                                                                                                                                                                                      Entropy (8bit):6.06124024160806
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:bUv5cJMOZA0nmwBD+XpJgLa0Mp8Qpg4P2llyM:0K1XBD+DgLa1yTi
                                                                                                                                                                                                                                                                      MD5:45616B10ABE82D5BB18B9C3AB446E113
                                                                                                                                                                                                                                                                      SHA1:91B2C0B0F690AE3ABFD9B0B92A9EA6167049B818
                                                                                                                                                                                                                                                                      SHA-256:F348DB1843B8F38A23AEE09DD52FB50D3771361C0D529C9C9E142A251CC1D1EC
                                                                                                                                                                                                                                                                      SHA-512:ACEA8C1A3A1FA19034FD913C8BE93D5E273B7719D76CB71C36F510042918EA1D9B44AC84D849570F9508D635B4829D3E10C36A461EC63825BA178F5AC1DE85FB
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):25088
                                                                                                                                                                                                                                                                      Entropy (8bit):6.475467273446457
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:oc6HLZiMDFuGu+XHZXmrfXA+UA10ol31tuXy4IYgLWi:B6H1TZXX5XmrXA+NNxWiFdLWi
                                                                                                                                                                                                                                                                      MD5:CF3C2F35C37AA066FA06113839C8A857
                                                                                                                                                                                                                                                                      SHA1:39F3B0AEFB771D871A93681B780DA3BD85A6EDD0
                                                                                                                                                                                                                                                                      SHA-256:1261783F8881642C3466B96FA5879A492EA9E0DAB41284ED9E4A82E8BCF00C80
                                                                                                                                                                                                                                                                      SHA-512:1C36B80AAE49FD5E826E95D83297AE153FDB2BC652A47D853DF31449E99D5C29F42ED82671E2996AF60DCFB862EC5536BB0A68635D4E33D33F8901711C0C8BE6
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                                                                                      Entropy (8bit):4.838534302892255
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:0F/1nb2mhQtkr+juOxKbDbnHcqgYvEkrK:u2f6iuOsbDtgYvEmK
                                                                                                                                                                                                                                                                      MD5:20708935FDD89B3EDDEEA27D4D0EA52A
                                                                                                                                                                                                                                                                      SHA1:85A9FE2C7C5D97FD02B47327E431D88A1DC865F7
                                                                                                                                                                                                                                                                      SHA-256:11DD1B49F70DB23617E84E08E709D4A9C86759D911A24EBDDFB91C414CC7F375
                                                                                                                                                                                                                                                                      SHA-512:F28C31B425DC38B5E9AD87B95E8071997E4A6F444608E57867016178CD0CA3E9F73A4B7F2A0A704E45F75B7DCFF54490510C6BF8461F3261F676E9294506D09B
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                                                                                      Entropy (8bit):4.9047185025862925
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:NRgPX8lvI+KnwSDTPUDEhKWPXcqgzQkvEd:2og9rUD9mpgzQkvE
                                                                                                                                                                                                                                                                      MD5:43BBE5D04460BD5847000804234321A6
                                                                                                                                                                                                                                                                      SHA1:3CAE8C4982BBD73AF26EB8C6413671425828DBB7
                                                                                                                                                                                                                                                                      SHA-256:FAA41385D0DB8D4EE2EE74EE540BC879CF2E884BEE87655FF3C89C8C517EED45
                                                                                                                                                                                                                                                                      SHA-512:DBC60F1D11D63BEBBAB3C742FB827EFBDE6DFF3C563AE1703892D5643D5906751DB3815B97CBFB7DA5FCD306017E4A1CDCC0CDD0E61ADF20E0816F9C88FE2C9B
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                                                      Entropy (8bit):5.300163691206422
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:j0J1gSHxKkwv0i8XSi3Sm57NEEE/qexUEtDrdkrRcqgUF6+6vEX:jM01si8XSi3SACqe7tDeDgUUjvE
                                                                                                                                                                                                                                                                      MD5:C6B20332B4814799E643BADFFD8DF2CD
                                                                                                                                                                                                                                                                      SHA1:E7DA1C1F09F6EC9A84AF0AB0616AFEA55A58E984
                                                                                                                                                                                                                                                                      SHA-256:61C7A532E108F67874EF2E17244358DF19158F6142680F5B21032BA4889AC5D8
                                                                                                                                                                                                                                                                      SHA-512:D50C7F67D2DFB268AD4CF18E16159604B6E8A50EA4F0C9137E26619FD7835FAAD323B5F6A2B8E3EC1C023E0678BCBE5D0F867CD711C5CD405BD207212228B2B4
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):57856
                                                                                                                                                                                                                                                                      Entropy (8bit):4.260220483695234
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:9XUqVT1dZ/GHkJnYcZiGKdZHDLtiduprZNZY0JAIg+v:99HGHfJidSK
                                                                                                                                                                                                                                                                      MD5:0B538205388FDD99A043EE3AFAA074E4
                                                                                                                                                                                                                                                                      SHA1:E0DD9306F1DBE78F7F45A94834783E7E886EB70F
                                                                                                                                                                                                                                                                      SHA-256:C4769D3E6EB2A2FECB5DEC602D45D3E785C63BB96297268E3ED069CC4A019B1A
                                                                                                                                                                                                                                                                      SHA-512:2F4109E42DB7BC72EB50BCCC21EB200095312EA00763A255A38A4E35A77C04607E1DB7BB69A11E1D80532767B20BAA4860C05F52F32BF1C81FE61A7ECCEB35ED
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):58368
                                                                                                                                                                                                                                                                      Entropy (8bit):4.276870967324261
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:9jUqho9weF5/eHkRnYcZiGKdZHDL7idErZjZYXGg:9RCneH//id42
                                                                                                                                                                                                                                                                      MD5:6C3E976AB9F47825A5BD9F73E8DBA74E
                                                                                                                                                                                                                                                                      SHA1:4C6EB447FE8F195CF7F4B594CE7EAF928F52B23A
                                                                                                                                                                                                                                                                      SHA-256:238CDB6B8FB611DB4626E6D202E125E2C174C8F73AE8A3273B45A0FC18DEA70C
                                                                                                                                                                                                                                                                      SHA-512:B19516F00CC0484D9CDA82A482BBFE41635CDBBE19C13F1E63F033C9A68DD36798C44F04D6BD8BAE6523A845E852D81ACADD0D5DD86AF62CC9D081B803F8DF7B
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                                                      Entropy (8bit):4.578113904149635
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:R0qVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EpmFWLOXDwo2Pj15XkcX6gbW6z:DVddiT7pgTctEEI4qXDo11kcqgbW6
                                                                                                                                                                                                                                                                      MD5:FEE13D4FB947835DBB62ACA7EAFF44EF
                                                                                                                                                                                                                                                                      SHA1:7CC088AB68F90C563D1FE22D5E3C3F9E414EFC04
                                                                                                                                                                                                                                                                      SHA-256:3E0D07BBF93E0748B42B1C2550F48F0D81597486038C22548224584AE178A543
                                                                                                                                                                                                                                                                      SHA-512:DEA92F935BC710DF6866E89CC6EB5B53FC7ADF0F14F3D381B89D7869590A1B0B1F98F347664F7A19C6078E7AA3EB0F773FFCB711CC4275D0ECD54030D6CF5CB2
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):22016
                                                                                                                                                                                                                                                                      Entropy (8bit):6.143719741413071
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:IUv5cRUtPQtjLJiKMjNrDF6pJgLa0Mp8Q90gYP2lXCM:BKR8I+K0lDFQgLa17zU
                                                                                                                                                                                                                                                                      MD5:76F88D89643B0E622263AF676A65A8B4
                                                                                                                                                                                                                                                                      SHA1:93A365060E98890E06D5C2D61EFBAD12F5D02E06
                                                                                                                                                                                                                                                                      SHA-256:605C86145B3018A5E751C6D61FD0F85CF4A9EBF2AD1F3009A4E68CF9F1A63E49
                                                                                                                                                                                                                                                                      SHA-512:979B97AAC01633C46C048010FA886EBB09CFDB5520E415F698616987AE850FD342A4210A8DC0FAC1E059599F253565862892171403F5E4F83754D02D2EF3F366
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):17920
                                                                                                                                                                                                                                                                      Entropy (8bit):5.353267174592179
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:7PHNP3Mj7Be/yB/6sB3yxcb+IMcOYqQViCBD8bg6Vf4A:hPcnB8KSsB34cb+bcOYpMCBDX
                                                                                                                                                                                                                                                                      MD5:D48BFFA1AF800F6969CFB356D3F75AA6
                                                                                                                                                                                                                                                                      SHA1:2A0D8968D74EBC879A17045EFE86C7FB5C54AEE6
                                                                                                                                                                                                                                                                      SHA-256:4AA5E9CE7A76B301766D3ECBB06D2E42C2F09D0743605A91BF83069FEFE3A4DE
                                                                                                                                                                                                                                                                      SHA-512:30D14AD8C68B043CC49EAFB460B69E83A15900CB68B4E0CBB379FF5BA260194965EF300EB715308E7211A743FF07FA7F8779E174368DCAA7F704E43068CC4858
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                                                                                      Entropy (8bit):4.741247880746506
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:0F/1nb2mhQtkgU7L9D037tfcqgYvEJPb:u2f6L9DSJxgYvEJj
                                                                                                                                                                                                                                                                      MD5:4D9182783EF19411EBD9F1F864A2EF2F
                                                                                                                                                                                                                                                                      SHA1:DDC9F878B88E7B51B5F68A3F99A0857E362B0361
                                                                                                                                                                                                                                                                      SHA-256:C9F4C5FFCDD4F8814F8C07CE532A164AB699AE8CDE737DF02D6ECD7B5DD52DBD
                                                                                                                                                                                                                                                                      SHA-512:8F983984F0594C2CAC447E9D75B86D6EC08ED1C789958AFA835B0D1239FD4D7EBE16408D080E7FCE17C379954609A93FC730B11BE6F4A024E7D13D042B27F185
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                                                      Entropy (8bit):5.212941287344097
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:2F/1nb2mhQtkRySMfJ2ycxFzShJD9bAal2QDeJKcqgQx2QY:M2fKRQB2j8JD2fJagQx2QY
                                                                                                                                                                                                                                                                      MD5:F4EDB3207E27D5F1ACBBB45AAFCB6D02
                                                                                                                                                                                                                                                                      SHA1:8EAB478CA441B8AD7130881B16E5FAD0B119D3F0
                                                                                                                                                                                                                                                                      SHA-256:3274F49BE39A996C5E5D27376F46A1039B6333665BB88AF1CA6D37550FA27B29
                                                                                                                                                                                                                                                                      SHA-512:7BDEBF9829CB26C010FCE1C69E7580191084BCDA3E2847581D0238AF1CAA87E68D44B052424FDC447434D971BB481047F8F2DA1B1DEF6B18684E79E63C6FBDC5
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):14336
                                                                                                                                                                                                                                                                      Entropy (8bit):5.181291194389683
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:hF/1nb2mhQt7fSOp/CJPvADQHKtxSOvbcqgEvcM+:N2fNKOZWPIDnxVlgEvL
                                                                                                                                                                                                                                                                      MD5:9D28433EA8FFBFE0C2870FEDA025F519
                                                                                                                                                                                                                                                                      SHA1:4CC5CF74114D67934D346BB39CA76F01F7ACC3E2
                                                                                                                                                                                                                                                                      SHA-256:FC296145AE46A11C472F99C5BE317E77C840C2430FBB955CE3F913408A046284
                                                                                                                                                                                                                                                                      SHA-512:66B4D00100D4143EA72A3F603FB193AFA6FD4EFB5A74D0D17A206B5EF825E4CC5AF175F5FB5C40C022BDE676BA7A83087CB95C9F57E701CA4E7F0A2FCE76E599
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):14336
                                                                                                                                                                                                                                                                      Entropy (8bit):5.140195114409974
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:RsiHXqpo0cUp8XnUp8XjEQnlDtJI6rcqgcx2:f6DcUp8XUp8AclDA69gcx2
                                                                                                                                                                                                                                                                      MD5:8A92EE2B0D15FFDCBEB7F275154E9286
                                                                                                                                                                                                                                                                      SHA1:FA9214C8BBF76A00777DFE177398B5F52C3D972D
                                                                                                                                                                                                                                                                      SHA-256:8326AE6AD197B5586222AFA581DF5FE0220A86A875A5E116CB3828E785FBF5C2
                                                                                                                                                                                                                                                                      SHA-512:7BA71C37AAF6CB10FC5C595D957EB2846032543626DE740B50D7CB954FF910DCF7CEAA56EB161BAB9CC1F663BADA6CA71973E6570BAC7D6DA4D4CC9ED7C6C3DA
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                                                                                      Entropy (8bit):5.203867759982304
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:WsiHXqpwUiv6wPf+4WVrd1DFrCqwWwcqgfvE:s6biio2Pd1DFmlgfvE
                                                                                                                                                                                                                                                                      MD5:FE16E1D12CF400448E1BE3FCF2D7BB46
                                                                                                                                                                                                                                                                      SHA1:81D9F7A2C6540F17E11EFE3920481919965461BA
                                                                                                                                                                                                                                                                      SHA-256:ADE1735800D9E82B787482CCDB0FBFBA949E1751C2005DCAE43B0C9046FE096F
                                                                                                                                                                                                                                                                      SHA-512:A0463FF822796A6C6FF3ACEBC4C5F7BA28E7A81E06A3C3E46A0882F536D656D3F8BAF6FB748008E27F255FE0F61E85257626010543FC8A45A1E380206E48F07C
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):15360
                                                                                                                                                                                                                                                                      Entropy (8bit):5.478301937972917
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:hZ9WXA7M93g8U7soSchhiLdjM5J6ECTGmDZkRsP0rcqgjPrvE:8Q0gH7zSccA5J6ECTGmDua89gjPrvE
                                                                                                                                                                                                                                                                      MD5:34EBB5D4A90B5A39C5E1D87F61AE96CB
                                                                                                                                                                                                                                                                      SHA1:25EE80CC1E647209F658AEBA5841F11F86F23C4E
                                                                                                                                                                                                                                                                      SHA-256:4FC70CB9280E414855DA2C7E0573096404031987C24CF60822854EAA3757C593
                                                                                                                                                                                                                                                                      SHA-512:82E27044FD53A7309ABAECA06C077A43EB075ADF1EF0898609F3D9F42396E0A1FA4FFD5A64D944705BBC1B1EBB8C2055D8A420807693CC5B70E88AB292DF81B7
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):18432
                                                                                                                                                                                                                                                                      Entropy (8bit):5.69608744353984
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:nkP5RjF7GsIyV6Lx41NVYaVmtShQRKAa8+DSngkov:onx7RI26LuuHKz8+DbN
                                                                                                                                                                                                                                                                      MD5:42C2F4F520BA48779BD9D4B33CD586B9
                                                                                                                                                                                                                                                                      SHA1:9A1D6FFA30DCA5CE6D70EAC5014739E21A99F6D8
                                                                                                                                                                                                                                                                      SHA-256:2C6867E88C5D3A83D62692D24F29624063FCE57F600483BAD6A84684FF22F035
                                                                                                                                                                                                                                                                      SHA-512:1F0C18E1829A5BAE4A40C92BA7F8422D5FE8DBE582F7193ACEC4556B4E0593C898956065F398ACB34014542FCB3365DC6D4DA9CE15CB7C292C8A2F55FB48BB2B
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):19456
                                                                                                                                                                                                                                                                      Entropy (8bit):5.7981108922569735
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:qPHNP3MjevhSY/8EBbVxcJ0ihTLdFDuPHgj+kf4D:sPcKvr/jUJ0sbDGAj+t
                                                                                                                                                                                                                                                                      MD5:AB0BCB36419EA87D827E770A080364F6
                                                                                                                                                                                                                                                                      SHA1:6D398F48338FB017AACD00AE188606EB9E99E830
                                                                                                                                                                                                                                                                      SHA-256:A927548ABEA335E6BCB4A9EE0A949749C9E4AA8F8AAD481CF63E3AC99B25A725
                                                                                                                                                                                                                                                                      SHA-512:3580FB949ACEE709836C36688457908C43860E68A36D3410F3FA9E17C6A66C1CDD7C081102468E4E92E5F42A0A802470E8F4D376DAA4ED7126818538E0BD0BC4
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):22016
                                                                                                                                                                                                                                                                      Entropy (8bit):5.865452719694432
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:y1jwGPJHLvzcY1EEerju9LcTZ6RO3RouLKtcyDNOcwgjxo:QjwyJUYToZwOLuzDNB1j
                                                                                                                                                                                                                                                                      MD5:C8FE3FF9C116DB211361FBB3EA092D33
                                                                                                                                                                                                                                                                      SHA1:180253462DD59C5132FBCCC8428DEA1980720D26
                                                                                                                                                                                                                                                                      SHA-256:25771E53CFECB5462C0D4F05F7CAE6A513A6843DB2D798D6937E39BA4B260765
                                                                                                                                                                                                                                                                      SHA-512:16826BF93C8FA33E0B5A2B088FB8852A2460E0A02D699922A39D8EB2A086E981B5ACA2B085F7A7DA21906017C81F4D196B425978A10F44402C5DB44B2BF4D00A
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):22016
                                                                                                                                                                                                                                                                      Entropy (8bit):5.867732744112887
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:51jwGPJHLxzcY1EEerju9LcTZ6RO3RouLKtcyDNIegjxo:rjwyJOYToZwOLuzDNI7j
                                                                                                                                                                                                                                                                      MD5:A442EA85E6F9627501D947BE3C48A9DD
                                                                                                                                                                                                                                                                      SHA1:D2DEC6E1BE3B221E8D4910546AD84FE7C88A524D
                                                                                                                                                                                                                                                                      SHA-256:3DBCB4D0070BE355E0406E6B6C3E4CE58647F06E8650E1AB056E1D538B52B3D3
                                                                                                                                                                                                                                                                      SHA-512:850A00C7069FFDBA1EFE1324405DA747D7BD3BA5D4E724D08A2450B5A5F15A69A0D3EAF67CEF943F624D52A4E2159A9F7BDAEAFDC6C689EACEA9987414250F3B
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):27136
                                                                                                                                                                                                                                                                      Entropy (8bit):5.860044313282322
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:xFDL3RqE3MjjQ95UnLa+1WT1aA7qHofg5JptfISH2mDDXfgjVx2:jDLh98jjRe+1WT1aAeIfMzxH2mDDIj
                                                                                                                                                                                                                                                                      MD5:59BA0E05BE85F48688316EE4936421EA
                                                                                                                                                                                                                                                                      SHA1:1198893F5916E42143C0B0F85872338E4BE2DA06
                                                                                                                                                                                                                                                                      SHA-256:C181F30332F87FEECBF930538E5BDBCA09089A2833E8A088C3B9F3304B864968
                                                                                                                                                                                                                                                                      SHA-512:D772042D35248D25DB70324476021FB4303EF8A0F61C66E7DED490735A1CC367C2A05D7A4B11A2A68D7C34427971F96FF7658D880E946C31C17008B769E3B12F
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):27136
                                                                                                                                                                                                                                                                      Entropy (8bit):5.917025846093607
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:tFYLXRqEnMgj969GUnLa+1WT1aA7qHofg5JptfIS320DXwElrgjhig:PYLB9Mgj0e+1WT1aAeIfMzx320DXD+j
                                                                                                                                                                                                                                                                      MD5:8194D160FB215498A59F850DC5C9964C
                                                                                                                                                                                                                                                                      SHA1:D255E8CCBCE663EE5CFD3E1C35548D93BFBBFCC0
                                                                                                                                                                                                                                                                      SHA-256:55DEFCD528207D4006D54B656FD4798977BD1AAE6103D4D082A11E0EB6900B08
                                                                                                                                                                                                                                                                      SHA-512:969EEAA754519A58C352C24841852CF0E66C8A1ADBA9A50F6F659DC48C3000627503DDFB7522DA2DA48C301E439892DE9188BF94EEAF1AE211742E48204C5E42
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):12800
                                                                                                                                                                                                                                                                      Entropy (8bit):4.999870226643325
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:DzFRF/1nb2mhQtk4axusjfkgZhoYDQgRjcqgQvEty:DzFd2f64axnTTz5D1gQvEty
                                                                                                                                                                                                                                                                      MD5:C89BECC2BECD40934FE78FCC0D74D941
                                                                                                                                                                                                                                                                      SHA1:D04680DF546E2D8A86F60F022544DB181F409C50
                                                                                                                                                                                                                                                                      SHA-256:E5B6E58D6DA8DB36B0673539F0C65C80B071A925D2246C42C54E9FCDD8CA08E3
                                                                                                                                                                                                                                                                      SHA-512:715B3F69933841BAADC1C30D616DB34E6959FD9257D65E31C39CD08C53AFA5653B0E87B41DCC3C5E73E57387A1E7E72C0A668578BD42D5561F4105055F02993C
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):13312
                                                                                                                                                                                                                                                                      Entropy (8bit):5.025153056783597
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:AF/1nb2mhQtks0iiNqdF4mtPjD02A5APYcqgYvEL2x:62f6fFA/4GjDFcgYvEL2x
                                                                                                                                                                                                                                                                      MD5:C4CC05D3132FDFB05089F42364FC74D2
                                                                                                                                                                                                                                                                      SHA1:DA7A1AE5D93839577BBD25952A1672C831BC4F29
                                                                                                                                                                                                                                                                      SHA-256:8F3D92DE840ABB5A46015A8FF618FF411C73009CBAA448AC268A5C619CF84721
                                                                                                                                                                                                                                                                      SHA-512:C597C70B7AF8E77BEEEBF10C32B34C37F25C741991581D67CF22E0778F262E463C0F64AA37F92FBC4415FE675673F3F92544E109E5032E488F185F1CFBC839FE
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                                                                                                                      Entropy (8bit):5.235115741550938
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:XTRgffnRaNfBj9xih1LPK73jm6AXiN4rSRIh42gDhgvrjcqgCieT3WQ:XafgNpj9cHW3jqXeBRamDOZgCieT
                                                                                                                                                                                                                                                                      MD5:1E201DF4B4C8A8CD9DA1514C6C21D1C4
                                                                                                                                                                                                                                                                      SHA1:3DC8A9C20313AF189A3FFA51A2EAA1599586E1B2
                                                                                                                                                                                                                                                                      SHA-256:A428372185B72C90BE61AC45224133C4AF6AE6682C590B9A3968A757C0ABD6B4
                                                                                                                                                                                                                                                                      SHA-512:19232771D4EE3011938BA2A52FA8C32E00402055038B5EDF3DDB4C8691FA7AE751A1DC16766D777A41981B7C27B14E9C1AD6EBDA7FFE1B390205D0110546EE29
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):15360
                                                                                                                                                                                                                                                                      Entropy (8bit):5.133714807569085
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:JZNGXEgvUh43G6coX2SSwmPL4V7wTdDlpaY2cqgWjvE:EVMhuGGF2L4STdDyYWgWjvE
                                                                                                                                                                                                                                                                      MD5:76C84B62982843367C5F5D41B550825F
                                                                                                                                                                                                                                                                      SHA1:B6DE9B9BD0E2C84398EA89365E9F6D744836E03A
                                                                                                                                                                                                                                                                      SHA-256:EBCD946F1C432F93F396498A05BF07CC77EE8A74CE9C1A283BF9E23CA8618A4C
                                                                                                                                                                                                                                                                      SHA-512:03F8BB1D0D63BF26D8A6FFF62E94B85FFB4EA1857EB216A4DEB71C806CDE107BA0F9CC7017E3779489C5CEF5F0838EDB1D70F710BCDEB629364FC288794E6AFE
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):35840
                                                                                                                                                                                                                                                                      Entropy (8bit):5.928082706906375
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:768:8bEkzS7+k9rMUb8cOe9rs9ja+V/Mhjh56GS:8bEP779rMtcOCs0I/Mhf
                                                                                                                                                                                                                                                                      MD5:B41160CF884B9E846B890E0645730834
                                                                                                                                                                                                                                                                      SHA1:A0F35613839A0F8F4A87506CD59200CCC3C09237
                                                                                                                                                                                                                                                                      SHA-256:48F296CCACE3878DE1148074510BD8D554A120CAFEF2D52C847E05EF7664FFC6
                                                                                                                                                                                                                                                                      SHA-512:F4D57351A627DD379D56C80DA035195292264F49DC94E597AA6638DF5F4CF69601F72CC64FC3C29C5CBE95D72326395C5C6F4938B7895C69A8D839654CFC8F26
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                                                                                      Entropy (8bit):4.799063285091512
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:nkCfXASTMeAk4OepIXcADp/X6RcqgO5vE:ZJMcPepIXcAD563gO5vE
                                                                                                                                                                                                                                                                      MD5:BA46602B59FCF8B01ABB135F1534D618
                                                                                                                                                                                                                                                                      SHA1:EFF5608E05639A17B08DCA5F9317E138BEF347B5
                                                                                                                                                                                                                                                                      SHA-256:B1BAB0E04AC60D1E7917621B03A8C72D1ED1F0251334E9FA12A8A1AC1F516529
                                                                                                                                                                                                                                                                      SHA-512:A5E2771623DA697D8EA2E3212FBDDE4E19B4A12982A689D42B351B244EFBA7EFA158E2ED1A2B5BC426A6F143E7DB810BA5542017AB09B5912B3ECC091F705C6E
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):754688
                                                                                                                                                                                                                                                                      Entropy (8bit):7.624959985050181
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:12288:I1UrmZ9HoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h9:gYmzHoxJFf1p34hcrn5Go9yQO6L
                                                                                                                                                                                                                                                                      MD5:3F20627FDED2CF90E366B48EDF031178
                                                                                                                                                                                                                                                                      SHA1:00CED7CD274EFB217975457906625B1B1DA9EBDF
                                                                                                                                                                                                                                                                      SHA-256:E36242855879D71AC57FBD42BB4AE29C6D80B056F57B18CEE0B6B1C0E8D2CF57
                                                                                                                                                                                                                                                                      SHA-512:05DE7C74592B925BB6D37528FC59452C152E0DCFC1D390EA1C48C057403A419E5BE40330B2C5D5657FEA91E05F6B96470DDDF9D84FF05B9FD4192F73D460093C
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):27648
                                                                                                                                                                                                                                                                      Entropy (8bit):5.792654050660321
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:hBwi/rOF26VZW1n0n/Is42g9qhrnW0mvPauYhz35sWJftjb1Ddsia15gkbQ0e1:/L/g28Ufsxg9GmvPauYLxtX1D/kf
                                                                                                                                                                                                                                                                      MD5:290D936C1E0544B6EC98F031C8C2E9A3
                                                                                                                                                                                                                                                                      SHA1:CAEEA607F2D9352DD605B6A5B13A0C0CB1EA26EC
                                                                                                                                                                                                                                                                      SHA-256:8B00C859E36CBCE3EC19F18FA35E3A29B79DE54DA6030AAAD220AD766EDCDF0A
                                                                                                                                                                                                                                                                      SHA-512:F08B67B633D3A3F57F1183950390A35BF73B384855EAAB3AE895101FBC07BCC4990886F8DE657635AD528D6C861BC2793999857472A5307FFAA963AA6685D7E8
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):67072
                                                                                                                                                                                                                                                                      Entropy (8bit):6.060461288575063
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:nqctkGACFI5t35q2JbL0UbkrwwOoKXyMH1B7M9rMdccdWxRLpq:nqctkGACFI5t35q2JbgrwwOoqLTM9rMh
                                                                                                                                                                                                                                                                      MD5:5782081B2A6F0A3C6B200869B89C7F7D
                                                                                                                                                                                                                                                                      SHA1:0D4E113FB52FE1923FE05CDF2AB9A4A9ABEFC42E
                                                                                                                                                                                                                                                                      SHA-256:E72E06C721DD617140EDEBADD866A91CF97F7215CBB732ECBEEA42C208931F49
                                                                                                                                                                                                                                                                      SHA-512:F7FD695E093EDE26FCFD0EE45ADB49D841538EB9DAAE5B0812F29F0C942FB13762E352C2255F5DB8911F10FA1B6749755B51AAE1C43D8DF06F1D10DE5E603706
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                                                      Entropy (8bit):4.488437566846231
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:tpVVdJvbrqTu6ZdpvY0IluLfcC75JiC4cs89EfqADwhDTAbcX6gn/7EC:5VddiT7pgTctdErDwDTicqgn/7
                                                                                                                                                                                                                                                                      MD5:289EBF8B1A4F3A12614CFA1399250D3A
                                                                                                                                                                                                                                                                      SHA1:66C05F77D814424B9509DD828111D93BC9FA9811
                                                                                                                                                                                                                                                                      SHA-256:79AC6F73C71CA8FDA442A42A116A34C62802F0F7E17729182899327971CFEB23
                                                                                                                                                                                                                                                                      SHA-512:4B95A210C9A4539332E2FB894D7DE4E1B34894876CCD06EEC5B0FC6F6E47DE75C0E298CF2F3B5832C9E028861A53B8C8E8A172A3BE3EC29A2C9E346642412138
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                                                                                      Entropy (8bit):4.730605326965181
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:MJVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EVAElIijKDQGrbMZYJWJcX6gbW6s:CVddiT7pgTctEEaEDKDlMCWJcqgbW6
                                                                                                                                                                                                                                                                      MD5:4D9C33AE53B38A9494B6FBFA3491149E
                                                                                                                                                                                                                                                                      SHA1:1A069E277B7E90A3AB0DCDEE1FE244632C9C3BE4
                                                                                                                                                                                                                                                                      SHA-256:0828CAD4D742D97888D3DFCE59E82369317847651BBA0F166023CB8ACA790B2B
                                                                                                                                                                                                                                                                      SHA-512:BDFBF29198A0C7ED69204BF9E9B6174EBB9E3BEE297DD1EB8EB9EA6D7CAF1CC5E076F7B44893E58CCF3D0958F5E3BDEE12BD090714BEB5889836EE6F12F0F49E
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                                                                                      Entropy (8bit):4.685843290341897
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:6ZVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EMz3DHWMoG4BcX6gbW6O:IVddiT7pgTctEEO3DLoHcqgbW6
                                                                                                                                                                                                                                                                      MD5:8F4313755F65509357E281744941BD36
                                                                                                                                                                                                                                                                      SHA1:2AAF3F89E56EC6731B2A5FA40A2FE69B751EAFC0
                                                                                                                                                                                                                                                                      SHA-256:70D90DDF87A9608699BE6BBEDF89AD469632FD0ADC20A69DA07618596D443639
                                                                                                                                                                                                                                                                      SHA-512:FED2B1007E31D73F18605FB164FEE5B46034155AB5BB7FE9B255241CFA75FF0E39749200EB47A9AB1380D9F36F51AFBA45490979AB7D112F4D673A0C67899EF4
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):5653424
                                                                                                                                                                                                                                                                      Entropy (8bit):6.729277267882055
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:49152:EuEsNcEc8/CK4b11P5ViH8gw0+NVQD5stWIlE7lva8iposS9j5fzSQzs7ID+AVuS:EnL8+5fiEnQFLOAkGkzdnEVomFHKnPS
                                                                                                                                                                                                                                                                      MD5:03A161718F1D5E41897236D48C91AE3C
                                                                                                                                                                                                                                                                      SHA1:32B10EB46BAFB9F81A402CB7EFF4767418956BD4
                                                                                                                                                                                                                                                                      SHA-256:E06C4BD078F4690AA8874A3DEB38E802B2A16CCB602A7EDC2E077E98C05B5807
                                                                                                                                                                                                                                                                      SHA-512:7ABCC90E845B43D264EE18C9565C7D0CBB383BFD72B9CEBB198BA60C4A46F56DA5480DA51C90FF82957AD4C84A4799FA3EB0CEDFFAA6195F1315B3FF3DA1BE47
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):1142272
                                                                                                                                                                                                                                                                      Entropy (8bit):6.040548449175261
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:12288:cLokSyhffpJSf6VJtHUR2L2mVSvya6Lx15IQnpKTlYcf9WBo:cLok/pXJdUzOSMx15dcTlYiK
                                                                                                                                                                                                                                                                      MD5:B505E88EB8995C2EC46129FB4B389E6C
                                                                                                                                                                                                                                                                      SHA1:CBFA8650730CBF6C07F5ED37B0744D983ABFE50A
                                                                                                                                                                                                                                                                      SHA-256:BE7918B4F7E7DE53674894A4B8CFADCACB4726CEA39B7DB477A6C70231C41790
                                                                                                                                                                                                                                                                      SHA-512:6A51B746D0FBC03F57FF28BE08F7E894AD2E9F2A2F3B61D88EAE22E7491CF35AE299CDB3261E85E4867F41D8FDA012AF5BD1EB8E1498F1A81ADC4354ADACDAAB
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):98224
                                                                                                                                                                                                                                                                      Entropy (8bit):6.452201564717313
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
                                                                                                                                                                                                                                                                      MD5:F34EB034AA4A9735218686590CBA2E8B
                                                                                                                                                                                                                                                                      SHA1:2BC20ACDCB201676B77A66FA7EC6B53FA2644713
                                                                                                                                                                                                                                                                      SHA-256:9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
                                                                                                                                                                                                                                                                      SHA-512:D27D5E65E8206BD7923CF2A3C4384FEC0FC59E8BC29E25F8C03D039F3741C01D1A8C82979D7B88C10B209DB31FBBEC23909E976B3EE593DC33481F0050A445AF
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):37256
                                                                                                                                                                                                                                                                      Entropy (8bit):6.297533243519742
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:5hnvMCmWEKhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+Xf0+uncS7IO5WrCKWU/tQ0g:YCm5KhUcwrHY/ntTxT6ov07b4SwY1zl
                                                                                                                                                                                                                                                                      MD5:135359D350F72AD4BF716B764D39E749
                                                                                                                                                                                                                                                                      SHA1:2E59D9BBCCE356F0FECE56C9C4917A5CACEC63D7
                                                                                                                                                                                                                                                                      SHA-256:34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32
                                                                                                                                                                                                                                                                      SHA-512:CF23513D63AB2192C78CAE98BD3FEA67D933212B630BE111FA7E03BE3E92AF38E247EB2D3804437FD0FDA70FDC87916CD24CF1D3911E9F3BFB2CC4AB72B459BA
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):65304
                                                                                                                                                                                                                                                                      Entropy (8bit):6.192082137044192
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:owmuopcJpmVwR40axzEfRILOnMv7SySmPxe:owmu4/mR40axzEfRILOnw3xe
                                                                                                                                                                                                                                                                      MD5:33D0B6DE555DDBBBD5CA229BFA91C329
                                                                                                                                                                                                                                                                      SHA1:03034826675AC93267CE0BF0EAEC9C8499E3FE17
                                                                                                                                                                                                                                                                      SHA-256:A9A99A2B847E46C0EFCE7FCFEFD27F4BCE58BAF9207277C17BFFD09EF4D274E5
                                                                                                                                                                                                                                                                      SHA-512:DBBD1DDFA445E22A0170A628387FCF3CB95E6F8B09465D76595555C4A67DA4274974BA7B348C4C81FE71C68D735C13AACB8063D3A964A8A0556FB000D68686B7
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):83736
                                                                                                                                                                                                                                                                      Entropy (8bit):6.595094797707322
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:hXOz78ZqjUyAsIi7W/5+D8W35mjZm35ILCVM7SyfYPxe:pOzwpyAFi7WMgW34jZm35ILCVMZoxe
                                                                                                                                                                                                                                                                      MD5:86D1B2A9070CD7D52124126A357FF067
                                                                                                                                                                                                                                                                      SHA1:18E30446FE51CED706F62C3544A8C8FDC08DE503
                                                                                                                                                                                                                                                                      SHA-256:62173A8FADD4BF4DD71AB89EA718754AA31620244372F0C5BBBAE102E641A60E
                                                                                                                                                                                                                                                                      SHA-512:7DB4B7E0C518A02AE901F4B24E3860122ACC67E38E73F98F993FE99EB20BB3AA539DB1ED40E63D6021861B54F34A5F5A364907FFD7DA182ADEA68BBDD5C2B535
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):181248
                                                                                                                                                                                                                                                                      Entropy (8bit):6.188683787528254
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:rZ1fKD8GVLHASq0TTjfQxnkVB0hcspEsHS7iiSTLkKetJb9Pu:rZNRGVb9TTCnaZsuMXiSTLLeD9
                                                                                                                                                                                                                                                                      MD5:EBB660902937073EC9695CE08900B13D
                                                                                                                                                                                                                                                                      SHA1:881537ACEAD160E63FE6BA8F2316A2FBBB5CB311
                                                                                                                                                                                                                                                                      SHA-256:52E5A0C3CA9B0D4FC67243BD8492F5C305FF1653E8D956A2A3D9D36AF0A3E4FD
                                                                                                                                                                                                                                                                      SHA-512:19D5000EF6E473D2F533603AFE8D50891F81422C59AE03BEAD580412EC756723DC3379310E20CD0C39E9683CE7C5204791012E1B6B73996EA5CB59E8D371DE24
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):123672
                                                                                                                                                                                                                                                                      Entropy (8bit):6.047035801914277
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:0OEESRiaiH6lU1vxqfrId0sx3gVILLPykxA:hj+I1vAfrIRx3gN
                                                                                                                                                                                                                                                                      MD5:1635A0C5A72DF5AE64072CBB0065AEBE
                                                                                                                                                                                                                                                                      SHA1:C975865208B3369E71E3464BBCC87B65718B2B1F
                                                                                                                                                                                                                                                                      SHA-256:1EA3DD3DF393FA9B27BF6595BE4AC859064CD8EF9908A12378A6021BBA1CB177
                                                                                                                                                                                                                                                                      SHA-512:6E34346EA8A0AACC29CCD480035DA66E280830A7F3D220FD2F12D4CFA3E1C03955D58C0B95C2674AEA698A36A1B674325D3588483505874C2CE018135320FF99
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):254744
                                                                                                                                                                                                                                                                      Entropy (8bit):6.564308911485739
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:6144:3LT2sto29vTlN5cdIKdo4/3VaV8FlBa9qWMa3pLW1A/T8O51j4iab9M:H2s/9vTlPcdk4vVtFU98iIu
                                                                                                                                                                                                                                                                      MD5:20C77203DDF9FF2FF96D6D11DEA2EDCF
                                                                                                                                                                                                                                                                      SHA1:0D660B8D1161E72C993C6E2AB0292A409F6379A5
                                                                                                                                                                                                                                                                      SHA-256:9AAC010A424C757C434C460C3C0A6515D7720966AB64BAD667539282A17B4133
                                                                                                                                                                                                                                                                      SHA-512:2B24346ECE2CBD1E9472A0E70768A8B4A5D2C12B3D83934F22EBDC9392D9023DCB44D2322ADA9EDBE2EB0E2C01B5742D2A83FA57CA23054080909EC6EB7CF3CA
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):64792
                                                                                                                                                                                                                                                                      Entropy (8bit):6.223467179037751
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:/smKJPganCspF1dqZAC2QjP2RILOIld7SyEPxDF:/smKpgNoF1dqZDnjP2RILOIv2xB
                                                                                                                                                                                                                                                                      MD5:D4674750C732F0DB4C4DD6A83A9124FE
                                                                                                                                                                                                                                                                      SHA1:FD8D76817ABC847BB8359A7C268ACADA9D26BFD5
                                                                                                                                                                                                                                                                      SHA-256:CAA4D2F8795E9A55E128409CC016E2CC5C694CB026D7058FC561E4DD131ED1C9
                                                                                                                                                                                                                                                                      SHA-512:97D57CFB80DD9DD822F2F30F836E13A52F771EE8485BC0FD29236882970F6BFBDFAAC3F2E333BBA5C25C20255E8C0F5AD82D8BC8A6B6E2F7A07EA94A9149C81E
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):158488
                                                                                                                                                                                                                                                                      Entropy (8bit):6.8491143497239655
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:j0k3SXjD9aWpAn3rb7SbuDlvNgS4fWqEznfo9mNoFTSlXZ8Ax5ILZ1GIxq:j0kiXjD9v8X7Euk4wYOFTafxn
                                                                                                                                                                                                                                                                      MD5:7447EFD8D71E8A1929BE0FAC722B42DC
                                                                                                                                                                                                                                                                      SHA1:6080C1B84C2DCBF03DCC2D95306615FF5FCE49A6
                                                                                                                                                                                                                                                                      SHA-256:60793C8592193CFBD00FD3E5263BE4315D650BA4F9E4FDA9C45A10642FD998BE
                                                                                                                                                                                                                                                                      SHA-512:C6295D45ED6C4F7534C1A38D47DDC55FEA8B9F62BBDC0743E4D22E8AD0484984F8AB077B73E683D0A92D11BF6588A1AE395456CFA57DA94BB2A6C4A1B07984DE
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):34584
                                                                                                                                                                                                                                                                      Entropy (8bit):6.41423936733334
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:768:eZt56pxGyC572edLMILWt3u5YiSyvCVPxWElj:eL5PyC572edLMILWt3E7SyqPx3
                                                                                                                                                                                                                                                                      MD5:A9A0588711147E01EED59BE23C7944A9
                                                                                                                                                                                                                                                                      SHA1:122494F75E8BB083DDB6545740C4FAE1F83970C9
                                                                                                                                                                                                                                                                      SHA-256:7581EDEA33C1DB0A49B8361E51E6291688601640E57D75909FB2007B2104FA4C
                                                                                                                                                                                                                                                                      SHA-512:6B580F5C53000DB5954DEB5B2400C14CB07F5F8BBCFC069B58C2481719A0F22F0D40854CA640EF8425C498FBAE98C9DE156B5CC04B168577F0DA0C6B13846A88
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):49944
                                                                                                                                                                                                                                                                      Entropy (8bit):6.381980613434177
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:768:8AM30ie6tyw0lTnj1TulWXaSV2cFVNILXtP5YiSyvWPxWElh7:8AM3hacSV2UNILXth7SyuPxd7
                                                                                                                                                                                                                                                                      MD5:FDF8663B99959031780583CCE98E10F5
                                                                                                                                                                                                                                                                      SHA1:6C0BAFC48646841A91625D74D6B7D1D53656944D
                                                                                                                                                                                                                                                                      SHA-256:2EBBB0583259528A5178DD37439A64AFFCB1AB28CF323C6DC36A8C30362AA992
                                                                                                                                                                                                                                                                      SHA-512:A5371D6F6055B92AC119A3E3B52B21E2D17604E5A5AC241C008EC60D1DB70B3CE4507D82A3C7CE580ED2EB7D83BB718F4EDC2943D10CB1D377FA006F4D0026B6
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):31512
                                                                                                                                                                                                                                                                      Entropy (8bit):6.563116725717513
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:768:bxrUGCpa6rIxdK/rAwVILQU85YiSyvz5PxWEaAc:trUZIzYrAwVILQUG7SydPxDc
                                                                                                                                                                                                                                                                      MD5:D8C1B81BBC125B6AD1F48A172181336E
                                                                                                                                                                                                                                                                      SHA1:3FF1D8DCEC04CE16E97E12263B9233FBF982340C
                                                                                                                                                                                                                                                                      SHA-256:925F05255F4AAE0997DC4EC94D900FD15950FD840685D5B8AA755427C7422B14
                                                                                                                                                                                                                                                                      SHA-512:CCC9F0D3ACA66729832F26BE12F8E7021834BBEE1F4A45DA9451B1AA5C2E63126C0031D223AF57CF71FAD2C85860782A56D78D8339B35720194DF139076E0772
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):79128
                                                                                                                                                                                                                                                                      Entropy (8bit):6.284790077237953
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:ZmtvsXhgzrojAs9/s+S+pGLypbyxk/DDTBVILLwX7SyiPx9:c56OzyAs9/sT+pGLypb+k/XFVILLwX4f
                                                                                                                                                                                                                                                                      MD5:819166054FEC07EFCD1062F13C2147EE
                                                                                                                                                                                                                                                                      SHA1:93868EBCD6E013FDA9CD96D8065A1D70A66A2A26
                                                                                                                                                                                                                                                                      SHA-256:E6DEB751039CD5424A139708475CE83F9C042D43E650765A716CB4A924B07E4F
                                                                                                                                                                                                                                                                      SHA-512:DA3A440C94CB99B8AF7D2BC8F8F0631AE9C112BD04BADF200EDBF7EA0C48D012843B4A9FB9F1E6D3A9674FD3D4EB6F0FA78FD1121FAD1F01F3B981028538B666
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):99096
                                                                                                                                                                                                                                                                      Entropy (8bit):6.20839125500957
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:jWlym6NVj508Vp22J8Ck+sOwpI5NbTAWac4LdyR+KSSRILOQd7SywcPxC:f5p/mCk+sQvb0dc2o2SRILOQdWMxC
                                                                                                                                                                                                                                                                      MD5:5279D497EEE4CF269D7B4059C72B14C2
                                                                                                                                                                                                                                                                      SHA1:AFF2F5DE807AE03E599979A1A5C605FC4BAD986E
                                                                                                                                                                                                                                                                      SHA-256:B298A44AF162BE7107FD187F04B63FB3827F1374594E22910EC38829DA7A12DC
                                                                                                                                                                                                                                                                      SHA-512:20726FC5B46A6D07A3E58CDF1BED821DB57CE2D9F5BEE8CFD59FCE779C8D5C4B517D3EB70CD2A0505E48E465D628A674D18030A909F5B73188D07CC80DCDA925
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):160536
                                                                                                                                                                                                                                                                      Entropy (8bit):6.027748879187965
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:OwYiZ+PtocHnVXhLlasuvMETxoEBA+nbUtGnBSonJCNI5ILC7Gax1:FYk+PtocHVxx/uvPCEwhGJ
                                                                                                                                                                                                                                                                      MD5:7910FB2AF40E81BEE211182CFFEC0A06
                                                                                                                                                                                                                                                                      SHA1:251482ED44840B3C75426DD8E3280059D2CA06C6
                                                                                                                                                                                                                                                                      SHA-256:D2A7999E234E33828888AD455BAA6AB101D90323579ABC1095B8C42F0F723B6F
                                                                                                                                                                                                                                                                      SHA-512:BFE6506FEB27A592FE9CF1DB7D567D0D07F148EF1A2C969F1E4F7F29740C6BB8CCF946131E65FE5AA8EDE371686C272B0860BD4C0C223195AAA1A44F59301B27
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):3584
                                                                                                                                                                                                                                                                      Entropy (8bit):2.6628617474172764
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNwsPfiQnzhUag9ijUW5V2dCt0vOIZW0H3NNfBI5KV9h7r35WWdPOPNj:6yNDVqif5VG+0GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:3127E73E09B2F660DBB1B6A3E23159CA
                                                                                                                                                                                                                                                                      SHA1:D121DE4D3CC1788317015F61B3ABCEA651830C2C
                                                                                                                                                                                                                                                                      SHA-256:A3DB4ACA7B1BA6F802DF24916F086E4A803093FFB29F8902C18B8A09AA18DDCB
                                                                                                                                                                                                                                                                      SHA-512:8DAF52FDDB4066FD4106FAB0C1C34E7BAB4522230090242783ED1838A49DA3DE9453C4CB8379C03112B9C1D353CC3C32E0EEF20890429F62209082ADE9464CB5
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):2560
                                                                                                                                                                                                                                                                      Entropy (8bit):2.882197047443729
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNwsYKfi8i6XMLadivMCt0vOIZW0H3NNfBI5KV9h7r35WWdPOPNj:6yND9i1aQM+0GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:727E82D02106289000923BEF8916771B
                                                                                                                                                                                                                                                                      SHA1:5E5EDAD1487E1553D8017F49B54289162ED3A516
                                                                                                                                                                                                                                                                      SHA-256:93EBCE911997392650AEE0F22B72687787C55C7A4A731724A58C45DC3E1F6CC6
                                                                                                                                                                                                                                                                      SHA-512:EC8A3FAA00463DB6BF24E7CB764FD6A17F4A3DF4CD21810EEEF5F2684C0CAB0C1CB2BAFB5074FE3641CFEE2814E0DEFA938FC9A881ED7DBD5C1B34EDE9858946
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):2560
                                                                                                                                                                                                                                                                      Entropy (8bit):2.88260639419467
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNwsYKficNdHd1LDZrt0vOIZW0H3NNfBI5KV9h7r35WWdPOPNj:6yND1vd51p0GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:2882B2BCD74B4D79E21F5349DA2931BC
                                                                                                                                                                                                                                                                      SHA1:EBEAFF6F40EA6148193A9CC3368E8D9894FD53D4
                                                                                                                                                                                                                                                                      SHA-256:DCAFA02C5E11D38C590754EE6A23DC65C3342308BB28435EFB75DE914F2B3652
                                                                                                                                                                                                                                                                      SHA-512:3D8E97F67217ED52C60B0FB871E2D0FA163FE1A1FB42C2888813D496FAE9EF621F8DAEED7984F8368D3B6DE45857013DF5D77E1694CFD5F4D95BC219BEF82FD1
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):2560
                                                                                                                                                                                                                                                                      Entropy (8bit):3.122640357315768
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNwsmfiL3YmDU47v7mt0vOIZW0H3NNfBI5KV9h7r35WWdPOPNj:6yND93YmJDu0GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:94671F5B4C8CBAAA25B6948B9AF8EACD
                                                                                                                                                                                                                                                                      SHA1:71AD4F949F80EFCA1BB493F6678C8AFEEB923646
                                                                                                                                                                                                                                                                      SHA-256:5EB1C0679756B46C57ACAF600246CEFF260B88F602215E4A94231EF0C30B0AF7
                                                                                                                                                                                                                                                                      SHA-512:10247A1F40F429EF22B68C51C9DF4CFF7C64F79FE09485A1A7F4FD6FD3F9B13801F6336ED6A7C1804918DC1E78660F6F4126C8052BFC0CFF15906C941BBEE12C
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):4608
                                                                                                                                                                                                                                                                      Entropy (8bit):4.055566723347685
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:xNLrSSLH7v0xB9EiEsX0/Fj6a0EW4UohWw:GgbvLFmMW4UohW
                                                                                                                                                                                                                                                                      MD5:AA766B098462EFF6F0F129B5C6EF1C5E
                                                                                                                                                                                                                                                                      SHA1:3BE25B0D330586A08C317D97EA139D096B35B0B6
                                                                                                                                                                                                                                                                      SHA-256:34790E8F47A8F478A4BA4F89695CEA1BE64D16FF416542EC3036ACB5633009ED
                                                                                                                                                                                                                                                                      SHA-512:3FD9E39CD161E164C9C3F42140A5659F516416985238F93C97BFA9079AB203CD7F920C675FC891FDDCAB683C52D876838CB623C26D7A3C8B7A0C1799DCFADA11
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):4608
                                                                                                                                                                                                                                                                      Entropy (8bit):4.150522550420316
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:xNUEI/Sqv0pB9EiEsX0/FPg7aaEW4UohWw:qPvVFM0W4UohW
                                                                                                                                                                                                                                                                      MD5:CB3E0DD38C444938CE1C189AADD29A3F
                                                                                                                                                                                                                                                                      SHA1:45B985CCD1D30C67C757580D4E9ABE6CA7BE4DD7
                                                                                                                                                                                                                                                                      SHA-256:B2D983883AFD758913A7DB54222A2DB4BFEB1051B0C0F92E8FAAE93C0BC90FC4
                                                                                                                                                                                                                                                                      SHA-512:CDE637E676819A05CFE6F757BCB6A1ACA72BD7D4422E7CEDFBF9D8BA42B47EAC7868A821FCE93E6D0F1DE20672A8DE7362F9DBA0066DB812C74E060134FC293E
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):2560
                                                                                                                                                                                                                                                                      Entropy (8bit):3.3090252342831525
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNwsIifiH/rmyCt68q88vjRaBl8oIF6t0vOIZW0H3NNfBI5KV9h7r35WWdPm:6yNDIFvvjRLF20GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:4A18BEDA5038C5203993191431B98D62
                                                                                                                                                                                                                                                                      SHA1:FACBA10698A89A42C0E419BAC056366E809DEDC0
                                                                                                                                                                                                                                                                      SHA-256:3144BCCC1385EFC1FF204442A5AECC0A990776341A268FAD15AA605449FCA04A
                                                                                                                                                                                                                                                                      SHA-512:FD4A1963BABE134202C5B9C97B8A83C0DC1C7E58F04A5CB12F6CCF7AE6AC41F13303FB3D01052E2B670805A7E2D21C193EE888E98E68054DD52B9BDC636A7597
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):2560
                                                                                                                                                                                                                                                                      Entropy (8bit):2.896310093891118
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNwsmfiyL5Lczve21t0vOIZW0H3NNfBI5KV9h7r35WWdPOPNj:6yNDgLVM70GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:D525807D6A2D16BD9B8B22FFE99B7C26
                                                                                                                                                                                                                                                                      SHA1:2F78DF1D946A2DE936C3F9B6CC88FE401AA74B72
                                                                                                                                                                                                                                                                      SHA-256:1AB5FE4396F72938193A8CE5E18FCB522F84DD24591F39EC1302FC822F875496
                                                                                                                                                                                                                                                                      SHA-512:013B2C635E6BE446096DE81A2003E1F65658D203F5F6EAE3477CD54EA5FF3EEC929ED41CF6E33A61AAA201CA920CDF9F96EB34EB8EBD526146D2DA2910A3A9D1
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):3072
                                                                                                                                                                                                                                                                      Entropy (8bit):2.9388357019694578
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:6yNDPd8H0A/MmKO0GIZWUnfBI56h/5Wwa:xNB8H0QKIEW4UohWw
                                                                                                                                                                                                                                                                      MD5:065DFF75D5E5A28BBF5B2E1B7B3FBF5C
                                                                                                                                                                                                                                                                      SHA1:C4DC31EA4888E5E7CA5E8155F0EAFE25AD781073
                                                                                                                                                                                                                                                                      SHA-256:59D807FE256FC61866EE54DC4F18BB4F8901D902F7E23B15ECBF7B7A4DC6FC5F
                                                                                                                                                                                                                                                                      SHA-512:067AE4CAB058BE6BFCA080C95EA5123413E11B7FF6A84ECCC10D750FAC2719EE5D86A6362D0D4155B54ACE6C4D44D7A55B627236EBEA7D3FD0B9620ED2F10A57
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):2560
                                                                                                                                                                                                                                                                      Entropy (8bit):3.1486143068427404
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNwsbfm7zuGsTyCy9yht0vOIZW0H3NNfBI5KV9h7r35WWdPOPNj:6yNDaeRWL070GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:D0DA5A427B151F8C524948D13C51CAB4
                                                                                                                                                                                                                                                                      SHA1:A51AC6BA7814188B669C7ABBFDEE535D798F05E1
                                                                                                                                                                                                                                                                      SHA-256:65912B7D8AD3423AD4609B9E2E3C262647D5273706796F043C9B515F1E8C78F2
                                                                                                                                                                                                                                                                      SHA-512:01EF7F3C43AC8E81E25EDD324F56F7916FF990CF7350F582A0E2CE67ED54F584BB72D95D8FAF129964351771F5099E36E8F02F1B067CF05B3349B64EA696BCDE
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):3584
                                                                                                                                                                                                                                                                      Entropy (8bit):3.3515580419915065
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:6yNDmvBIAAz464UzyLzX8Guw30GIZWUnfBI56h/5Wwa:xN6CAGZ4dLLF5EW4UohWw
                                                                                                                                                                                                                                                                      MD5:465C8CA52D6A5EBB8CDDDADDCC6255C2
                                                                                                                                                                                                                                                                      SHA1:D51DB3B2382A0457533350E687489D91A229E5E8
                                                                                                                                                                                                                                                                      SHA-256:E68FF1811BFE8CD7682C45A1D562C90CCB35A70971CD75D195C7773D668E1DC4
                                                                                                                                                                                                                                                                      SHA-512:0641EF1524C00183C0693EE301AB0D982D4BA4BDC1326294D20A9CDD8F5C1AF16A0038C6FD11D490A1DB09221C6729FE03E6329A4262D6055BB5B37B32F8B393
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                                                                                                                      Entropy (8bit):3.9725650409834805
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:xNLZtDm4wUO3xd38ZoO5e/Vf1EW4UohWw:DDmzF3xd3soMe/VfuW4UohW
                                                                                                                                                                                                                                                                      MD5:3018F5B28A9E26395B7933EBCFD6F40C
                                                                                                                                                                                                                                                                      SHA1:EA38F03430F1A54E9B37E9694EABC7487B6E7201
                                                                                                                                                                                                                                                                      SHA-256:0C62B8AB1E5F30D4A9EADCD412677E0AB5E4E9304F0870A4EE562F08D09CCC7E
                                                                                                                                                                                                                                                                      SHA-512:F9A81F4565D083F30049EE8E4C4DA996BA86C7C20E58D3DCD102EB41AB58C6D94941545EA2EE3AA538D352847EFDD84376144FF852BDEF4EA3C54DAB4E5CED47
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):3072
                                                                                                                                                                                                                                                                      Entropy (8bit):3.048082140085007
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:6yND/ktxyrq9TqXFL0GIZWUnfBI56h/5Wwa:xNEpCEW4UohWw
                                                                                                                                                                                                                                                                      MD5:DB31BDB3725819FC5C5DF30C608673C3
                                                                                                                                                                                                                                                                      SHA1:5253F48E153B9C722ACAC8EE558E9A6091F5EE3E
                                                                                                                                                                                                                                                                      SHA-256:3115632C9BEA1CCDEB7747689AA65FA36291788339793FCE306AFB03CA748A6C
                                                                                                                                                                                                                                                                      SHA-512:5DB501B57D129511AFA868716D82F27B8505BE5C0E2EDB5C1509B38B2537F14586DA71C4424055BFE1B812F333E3F30D63E52501700CCDF848A37E49A0235CBD
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):3072
                                                                                                                                                                                                                                                                      Entropy (8bit):2.8930005018666094
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNwshfiSFx2t6QmZWhDKt0vOIZW0H3NNfBI5KV9h7r35WWdPOPNj:6yND7FxImUBG0GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:A8D532500495D617CA1B9F5525494486
                                                                                                                                                                                                                                                                      SHA1:9542CCB68FD7E5337953C25FB33589C486D98788
                                                                                                                                                                                                                                                                      SHA-256:C0D62D6A9350E66FB144E297C49AE2A8EFB997148807A60DBAC1AA95C88FA8F4
                                                                                                                                                                                                                                                                      SHA-512:68CDFCF37A60931567F341C4B1CF2751123A90733622DAA1C02D2A8937B32D7FAA4537FC4F93D238CFF6F2FAB11F7710C1DC15812D1BA028898F8A4DFB0CD10D
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):3072
                                                                                                                                                                                                                                                                      Entropy (8bit):3.4773069631384943
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:6yNDI+i4e4J3Wm0GIZWUnfBI56h/5Wwa:xNz/LJGwEW4UohWw
                                                                                                                                                                                                                                                                      MD5:2CD77F6E2FA6A502E352369426EAE1C1
                                                                                                                                                                                                                                                                      SHA1:ABB54114F3677944AF582AFB6EA1F4A7785537C8
                                                                                                                                                                                                                                                                      SHA-256:E39CA111D81E6E5D90CF13FA0AEE525D8A2740B84D2C5CD378DD69E4F79F8B0F
                                                                                                                                                                                                                                                                      SHA-512:47D47A49B8F89F64BD0D4BDA344456784E8B0721F9BA32CE3B88E6DD5BEC06BFB781DC44495AC17B4C50DFE679E1D18594FA91CCDFA26BED055A2C4A5C7C2906
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):3584
                                                                                                                                                                                                                                                                      Entropy (8bit):3.1744405946373884
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNwsFAfiuByBrAl5i7AjgGCXTW2RSt0vOIZW0H3NNfBI5KV9h7r35WWdPOP5:6yNDoBxC/DW2k0GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:9CE4F24EFDF1A23BD71206B870B2A049
                                                                                                                                                                                                                                                                      SHA1:2FAAC945038E108B21C5F9A0C175622F65F30072
                                                                                                                                                                                                                                                                      SHA-256:F4CAE758D318B23E76DDF50202768F4CBEA9CC16D36114F4CECB15957206E4AF
                                                                                                                                                                                                                                                                      SHA-512:86C4DB450BD26BFA007C032514E862A026E0317A48D1B05CF489B30B33985F01B98EAFFF2073D86028622694599070D80C95AE6B4C31B4832C55C6261575019C
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                                                                                                                      Entropy (8bit):3.6646599177824277
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:6yND741LTNEfWeKB+vpgge6gig8YSzYFTdshgW9M2PkSV0GIZWUnfBI56h/5Wwa:xNkL5uYFT4sMEW4UohWw
                                                                                                                                                                                                                                                                      MD5:624033B39B9C5E1EB13D5EDE2D213DDF
                                                                                                                                                                                                                                                                      SHA1:055995C888275105E3560F07A2442E28295588F6
                                                                                                                                                                                                                                                                      SHA-256:83A0079FBF50719B46275F9CC5675A299C987862BA7AD3AD0EE5F6E714400AF5
                                                                                                                                                                                                                                                                      SHA-512:1200DAEC55E5F5E80489022EFE3EE67BAAE64278F9289E828DEB8A3507355E2D643E9FEFA7CF21C2056B4C5458270EF605697F38C3F3CACD41D23E3DED3C7EF8
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):4608
                                                                                                                                                                                                                                                                      Entropy (8bit):3.8301031830183545
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:6yNDZxfBPLJfSAQOr0xfWeKBKvpgp5ae6lgig8YHSzOYFlbTSOgoshgW9MTscPkM:xNLZjJfZiOYFtTScsaEW4UohWw
                                                                                                                                                                                                                                                                      MD5:004F7F67994DE33959D6480EF4D4F515
                                                                                                                                                                                                                                                                      SHA1:76E83DB625D504D1FEEC5DEC918552F9EC51C4C3
                                                                                                                                                                                                                                                                      SHA-256:053A83B3F8AC76232952BDB8FB5C5067F06BA48F82B474829C25326ADBD26361
                                                                                                                                                                                                                                                                      SHA-512:D187950683C79B1DFFE4432FB476071A203CB14D7987377F71538B81FD36077F181FB7D64E9E4E30099F239764E6CBB501B65C095CD4532BC0B2AB9FBD7755A3
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):2560
                                                                                                                                                                                                                                                                      Entropy (8bit):2.8232034329252635
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNwsefiSlM+6e464Tt0vOIZW0H3NNfBI5KV9h7r35WWdPOPNj:6yNDQkGi0GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:0B786FA5D778E0EA9A2175263320EE8C
                                                                                                                                                                                                                                                                      SHA1:83553AC046847AB0C852403E512E748B73BE5DEC
                                                                                                                                                                                                                                                                      SHA-256:A124C3F8402636219E06BEB708D8BE67F6DBAA7FF4F6D402B50734230FCFBA1B
                                                                                                                                                                                                                                                                      SHA-512:BB29F985653105E23F52F381BEF5AC1F8D1A34D1ECA4678F50FC6F308860104D073FC1551F42AE4F460C32366E95C95F7D9BF84B34B7FF48BD3921904F94607A
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):3072
                                                                                                                                                                                                                                                                      Entropy (8bit):3.1480446592927986
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNws1fiiouyzD6OXeRrZRrW7JYEFkt0vOIZW0H3NNfBI5KV9h7r35WWdPOP5:6yNDTolS9s7er0GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:7DB9F8A411F116BA765000E6500FB926
                                                                                                                                                                                                                                                                      SHA1:4267018A03D814B8963AB1E256EE9EA8F0A33FED
                                                                                                                                                                                                                                                                      SHA-256:F8DD900D459335EEDBE3855F1BA7858E19DFC0D348EBD25E6548D4ECB0DA61B1
                                                                                                                                                                                                                                                                      SHA-512:54F4C79747E2DE6F26BEF354A4328FE7F596B8D8AC0F2C14220E8998A1980553A09BCA61756316E12846B502CACC45AB4F90EFCFF0DEB3C9E39037E5CC52556C
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):2560
                                                                                                                                                                                                                                                                      Entropy (8bit):3.138497775886639
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNwsYfiAutvEKJMwidPCt0vOIZW0H3NNfBI5KV9h7r35WWdPOPNj:6yND0aEKJMBg0GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:C8196CD707F4A41C4A763B8E6D2EDE7A
                                                                                                                                                                                                                                                                      SHA1:371BE162F04E7742246C0D9C9B2AD31A25043978
                                                                                                                                                                                                                                                                      SHA-256:B5082680B5CA71FDEA49E8E23EFBDA2B72F6E1B1A48782B4B63530EE7BE19A2C
                                                                                                                                                                                                                                                                      SHA-512:3690D87E9EDDF0DE7D71BFBAB831D80009B572E5C2F181FB23B2966D1249861AEFF61EBBB16E46836697B443A0C1AF2CFDFC930E9F010B613337ED5AC475A306
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):3584
                                                                                                                                                                                                                                                                      Entropy (8bit):3.876206600228689
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:6yNDZrZ6C1nFLrNLZoVdt6zsS0GIZWUnfBI56h/5Wwa:xNB1ntZOV76zskEW4UohWw
                                                                                                                                                                                                                                                                      MD5:4219B20D53C2C6B533AE93ED45876351
                                                                                                                                                                                                                                                                      SHA1:8973762E7C4ACE85A1D9AAA1DD35FAC6BD48C0ED
                                                                                                                                                                                                                                                                      SHA-256:C75A838FF92199678DF2AD04A31F609309967CF6B66D34C58D26EB3909E6DAA5
                                                                                                                                                                                                                                                                      SHA-512:B73FC539D6A36E38A557D3DCF44FABD1500CCEA9C9C10C0101104B10D1923E46CD78BE0791B9FCBB1603DA7A1CCD33E6A3E3B807BC5F5448D24E44351B5E100D
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                                                                                                                      Entropy (8bit):4.1029530268218615
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:6yNDcZn8RBziHC1HrN3gGDrNLZoVG+t6zsZsd0GIZWUnfBI56h/5Wwa:xNk8Rv1LN3gGfZOVT6zsiEW4UohWw
                                                                                                                                                                                                                                                                      MD5:BC03011A527274767EFFD05F90D26011
                                                                                                                                                                                                                                                                      SHA1:56659C88000FF70422E818AD827FDCB01F036DE2
                                                                                                                                                                                                                                                                      SHA-256:7F840E721C8CD073631F03159565219D24128EACA905668CFC7394889B908B9E
                                                                                                                                                                                                                                                                      SHA-512:600D1163FFB6B7244770A67F2A543B387A33940178DBBC010AD8C5A5E32872BB0D065E1DCF5A985174577922762CCD2B462CF40C1D4D6DC99E07D22DAAEE098A
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):3584
                                                                                                                                                                                                                                                                      Entropy (8bit):3.423565618533835
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:6yNDxvSGZaed+oABAmCpLOJ0GIZWUnfBI56h/5Wwa:xNUGZaewoMAIEW4UohWw
                                                                                                                                                                                                                                                                      MD5:705476AAA1EF452E50C61FA56F84D919
                                                                                                                                                                                                                                                                      SHA1:F86ADA80B5C2C528FB328D1AAACC817E538CCC85
                                                                                                                                                                                                                                                                      SHA-256:1D7A5A3CD3185D839D31C83DCB2192A08A80C4A7EC17EAE550AB5A4D84B189D9
                                                                                                                                                                                                                                                                      SHA-512:DB6FDEC0F758A955A4FA888571AD2496F072D9F580895628AA2DA143DAA4F64C9FBDF5D9A6950BC06CA5F69395C04515D77C1EE45744C4E7600C1E5DD4CD559E
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):3072
                                                                                                                                                                                                                                                                      Entropy (8bit):3.277308210140252
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNwsKfiSpd3mtbfb5OjeuOI/t0vOIZW0H3NNfBI5KV9h7r35WWdPOPNj:6yND2ZmZftOR0GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:A84F802749AE5A0AA522F203ECE20B7F
                                                                                                                                                                                                                                                                      SHA1:3C631CE4107B2FFC9A4A06C16D41D7D0EA0A9B2F
                                                                                                                                                                                                                                                                      SHA-256:E4D28023ECA5BD147AC645048B18BD7272735DA10C30C2DBC83CD1C96703D869
                                                                                                                                                                                                                                                                      SHA-512:52B68A300AE56EB8A3B3F811CC7368AFE5D4F1E8EE37B6FDAE0878978952041BD5467EAAAEC23AAB12C1735ED3AFD8134B2171B633EE1DAE3B159E99D765A71D
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):2560
                                                                                                                                                                                                                                                                      Entropy (8bit):2.9176290854155225
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:etGSyNwsqfiMp1Ppf76t0vOIZW0H3NNfBI5KV9h7r35WWdPOPNj:6yNDKpFpj20GIZWUnfBI56h/5Wwa
                                                                                                                                                                                                                                                                      MD5:2D8249636011CF1467BE41C8BDF7C765
                                                                                                                                                                                                                                                                      SHA1:C7EDAF6444690DB617F58B0506DD979E1F2314A4
                                                                                                                                                                                                                                                                      SHA-256:84CE120AAE88DD77A71C30630D409382F2AD22B11BE4CCEDD1800C4BB2CA4937
                                                                                                                                                                                                                                                                      SHA-512:4732C247B6505C48A41A0C5BA933F2C7DC63301F09FF891F2E50EF765C3EAE00D520D9E08CB5229D6E90048AA826CAF34A282B5FB80F10A63EE987A60836F9EF
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):12640
                                                                                                                                                                                                                                                                      Entropy (8bit):6.624415323652051
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:EFW+NhW76T71ojDBQABJdZqnajxcRGlP6ZqDPD:EFW+NhW77DBRJdZll7P6gzD
                                                                                                                                                                                                                                                                      MD5:ED14B64C94F543974B7FDC592FA0594B
                                                                                                                                                                                                                                                                      SHA1:DC66CA3DE44C021D89EBD5160C447AAEDC565514
                                                                                                                                                                                                                                                                      SHA-256:9165248996814B72F6A334750E65994B39F971267FFC95F759E529356FA3125C
                                                                                                                                                                                                                                                                      SHA-512:5D20BEDCFB8D2F603B3F27D874A9E0E3A7CA7DF4809AAB52B02AF630C0037B37923536CC93C78C9DEB014DF28E378D16D67E99688F8B656E3E7BFD1E2E914DCC
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):15712
                                                                                                                                                                                                                                                                      Entropy (8bit):6.426359057559649
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:alUcyiW+NhWZT71ojDBQABJctYDqnajsl/cKfX:oDyiW+NhWCDBRJcyDlPKf
                                                                                                                                                                                                                                                                      MD5:1908861649E67CDC20C563C234A89914
                                                                                                                                                                                                                                                                      SHA1:471AE3B9A3B40E63C880362892865ECF8BD80F67
                                                                                                                                                                                                                                                                      SHA-256:4AEA1CEDD976EF15A47A3433F3A2E176B1C5E495A54497DBA27247B35A1B8449
                                                                                                                                                                                                                                                                      SHA-512:DEC24D5C3F31C90CBEC3810290506309A1DB5677022C600D3BDD2E92B73078DC6353023F2AEEFA408ACEAC7C9F7ED5A2FF07A399B446E177FF93E5FA1B3F9353
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):12128
                                                                                                                                                                                                                                                                      Entropy (8bit):6.584846033473528
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:+SW+NhWHT71ojDBQABJ/YkXqnajL1dHx3tKPDGbO:1W+NhWUDBRJ/YElXBtgEO
                                                                                                                                                                                                                                                                      MD5:AF851DFD0D9FECB76FF2B403F3C30F5B
                                                                                                                                                                                                                                                                      SHA1:30F79FB4D4C91AF847963C46882D095D1F42EFBE
                                                                                                                                                                                                                                                                      SHA-256:6A3FD4B050F19EC5C53C15544B1F1B1540AC84F6061C0EC353983EB891330FDA
                                                                                                                                                                                                                                                                      SHA-512:04509B02115EC9B5BC4EE2F90E49E799CCF85884FE1F11F762F0614A96764B8F2B08F96895C467C5B11F20273183096B2BCCEB0B769DF9D65B56C378CB32B0F5
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):13664
                                                                                                                                                                                                                                                                      Entropy (8bit):6.643272005308222
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):12640
                                                                                                                                                                                                                                                                      Entropy (8bit):6.569971581445471
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):12128
                                                                                                                                                                                                                                                                      Entropy (8bit):6.686696649882593
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):20832
                                                                                                                                                                                                                                                                      Entropy (8bit):6.211913408664236
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):19808
                                                                                                                                                                                                                                                                      Entropy (8bit):6.198603756909033
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):12640
                                                                                                                                                                                                                                                                      Entropy (8bit):6.589067438536599
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):16224
                                                                                                                                                                                                                                                                      Entropy (8bit):6.451788344048283
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:erMUnaPrpJhhf4AN5/KiaW+NhWRT71ojDBQABJ6qnaj9RlaHIxX:N42r7oW+NhWKDBRJ6lBR4HIx
                                                                                                                                                                                                                                                                      MD5:BBAE7B5436D6D1B0FC967FF67E35415F
                                                                                                                                                                                                                                                                      SHA1:F67BC165CEFB119AD767B6BEC27A1102C0FD2BAC
                                                                                                                                                                                                                                                                      SHA-256:8150A238851D7DA74BC8F6F13262A8D6568373DC509F67544AB6A62398F20C4F
                                                                                                                                                                                                                                                                      SHA-512:4201A8EDFE303057545D04DE683BBDF0ACB68CF4D2E894192F899A70398DF18299432C0F6CAEE72D917A986882BBC0585035A9B934D4579F67A1C98CC894DEE2
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):17760
                                                                                                                                                                                                                                                                      Entropy (8bit):6.398426170611526
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:1/rjrvIDmMSNuWYFxEpahysW+NhW8T71ojDBQABJ+qnaj9RlaHD:1j3vAmiFVhpW+NhWRDBRJ+lBR4HD
                                                                                                                                                                                                                                                                      MD5:53E9526AF1FDCE39F799BFE9217397A8
                                                                                                                                                                                                                                                                      SHA1:F4A7FBD2D9384873F708F1EEAEB041A3FBE2C144
                                                                                                                                                                                                                                                                      SHA-256:DE44561E4587C588BC140502FD6CD52E5955ABEEC63D415BE38A6D03F35F808F
                                                                                                                                                                                                                                                                      SHA-512:8167EE463506FE0E9D145CC4E0DC8A86F1837AE87BC9EFE61632FB39EF996303E2F2A889B6B02FF4A201FAF73F3E76E52B1B9AF0263C6FCFDAC9E6EA32B0859F
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):17760
                                                                                                                                                                                                                                                                      Entropy (8bit):6.386998583011738
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:jsx0C5yguNvZ5VQgx3SbwA7yMVIkFGlrW+NhWqDBRJD1HlI6674:m5yguNvZ5VQgx3SbwA71IkFKN71Pc66s
                                                                                                                                                                                                                                                                      MD5:ECCF5973B80D771A79643732017CEA9A
                                                                                                                                                                                                                                                                      SHA1:E7A28AA17E81965CA2D43F906ED5AB51AC34EE7C
                                                                                                                                                                                                                                                                      SHA-256:038B93E611704CC5B9F70A91EBF06E9DB62EF40180EC536D9E5AB68EB4BB1333
                                                                                                                                                                                                                                                                      SHA-512:B95F5EFC083716CB9DABA160B8FA7B94F80D93AB5DE65A9FB0356C7FB32C0D45FE8D5D551E625A4D6D8E96B314BAE2D38DF58B457B6CED17A95D11F6F2F5370E
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):14176
                                                                                                                                                                                                                                                                      Entropy (8bit):6.537237618041906
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:VuO/z7kzFDqpW+NhWTLT71ojDBQABJNqnajxcRGlP6Zq14:VPEzgW+NhWTYDBRJNll7P6gC
                                                                                                                                                                                                                                                                      MD5:090DD0BB2BDDEE3EAAE5B6FF15FAE209
                                                                                                                                                                                                                                                                      SHA1:DDC5AC01227970A4925A08F29BA65EB10344EDB1
                                                                                                                                                                                                                                                                      SHA-256:957177C4FE21AE182DFE3A2A13A1FF020F143048FC14499AE9856E523605083E
                                                                                                                                                                                                                                                                      SHA-512:2E0B8567231E320B2E52AF3B86047CFAB16824E2DB1D1BB17BAFE7A1C6C5F0BF62D76656206A3D7EF1D3849B479BF5E09DB1F0F4E4CD0AA2DF09838D35C877F3
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):12128
                                                                                                                                                                                                                                                                      Entropy (8bit):6.668726680563428
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:aBfHQduPW+NhWMT71ojDBQABJX+4qnaj9RlaH:aBfFW+NhWhDBRJX3lBR4H
                                                                                                                                                                                                                                                                      MD5:CC337898E64D9078CB697AC19F995C7F
                                                                                                                                                                                                                                                                      SHA1:2EBCFA0CDF865FE40CBAF4FFCE6D3903AEA47E3C
                                                                                                                                                                                                                                                                      SHA-256:E7EF5D714FC21DD1AA9DB0C4EEFE634463EEFBD5AA4454A568BFC52E04FDDF18
                                                                                                                                                                                                                                                                      SHA-512:6960FA9617514CA223B9ABDA9A3A6C69CF05474B3C5FEC2BE6C6D5F65580C7A18E129B6D207F21EB136B0737481107E09C20B0398826284CE5F9A65A3CF8A1CA
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):880569
                                                                                                                                                                                                                                                                      Entropy (8bit):5.6829236086496415
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:12288:tgYJu4KWWSBC6SdIp5LA4a2Ya2Zd1VwxffpERepgSLMNZ:tgYJ71BhLa2x8VwxffpERehMNZ
                                                                                                                                                                                                                                                                      MD5:01BD4F502A3CED4678E93CBB528DEBBB
                                                                                                                                                                                                                                                                      SHA1:2C23D0D6699C3358875E3C9B3F810096384446CB
                                                                                                                                                                                                                                                                      SHA-256:A69368C96CF351B44B7E709B431AE4691580E241FD2367541D2361F348949AF2
                                                                                                                                                                                                                                                                      SHA-512:1B9722BC5DFCF4656605D94F37D6D0CB351CE06A59170AC4E3E2A2AD1AAE99CA06D7CA45B7572179394B711D24E9FB182C6FA1C3F4AC5D064BAE802C64D80564
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):292541
                                                                                                                                                                                                                                                                      Entropy (8bit):6.048162209044241
                                                                                                                                                                                                                                                                      Encrypted:false
Malicious:false
Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".
Process:C:\Users\user\Desktop\purchaseorder4.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):10752
Entropy (8bit):4.675182011095312
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\purchaseorder4.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):120320
Entropy (8bit):5.879886869577473
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\purchaseorder4.exe
File Type:ASCII text
Category:dropped
Size (bytes):4
Entropy (8bit):1.5
Encrypted:false
Malicious:false
Preview:pip.
Process:C:\Users\user\Desktop\purchaseorder4.exe
File Type:ASCII text
Category:dropped
Size (bytes):197
Entropy (8bit):4.61968998873571
Encrypted:false
Malicious:false
Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
Process:C:\Users\user\Desktop\purchaseorder4.exe
File Type:ASCII text
Category:dropped
Size (bytes):11360
Entropy (8bit):4.426756947907149
Encrypted:false
Malicious:false
Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
Process:C:\Users\user\Desktop\purchaseorder4.exe
File Type:ASCII text
Category:dropped
Size (bytes):1532
Entropy (8bit):5.058591167088024
Encrypted:false
Malicious:false
Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
Process:C:\Users\user\Desktop\purchaseorder4.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):5430
Entropy (8bit):5.111831778200942
Encrypted:false
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.1..Name: cryptography..Version: 42.0.5..Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers...Author-email: The Python Cryptographic Authority and individual contributors <cryptography-dev@python.org>..License: Apache-2.0 OR BSD-3-Clause..Project-URL: homepage, https://github.com/pyca/cryptography..Project-URL: documentation, https://cryptography.io/..Project-URL: source, https://github.com/pyca/cryptography/..Project-URL: issues, https://github.com/pyca/cryptography/issues..Project-URL: changelog, https://cryptography.io/en/latest/changelog/..Classifier: Development Status :: 5 - Production/Stable..Classifier: Intended Audience :: Developers..Classifier: License :: OSI Approved :: Apache Software License..Classifier: License :: OSI Approved :: BSD License..Classifier: Natural Language :: English..Classifier: Operating System :: MacOS :: MacOS X..Classifier: Operating System :: POSIX..Classifier: Operating Syst
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):15325
                                                                                                                                                                                                                                                                      Entropy (8bit):5.566095103726107
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:GXPJofR5jF4e+6tkh4v4Ko29vZ6W1HepPN+NXwvn5ZnM:GXOfbCWPoIvZ6W1HepPN+9wvnA
                                                                                                                                                                                                                                                                      MD5:63C3E2671FC695972FAC7F7FA26CA3DB
                                                                                                                                                                                                                                                                      SHA1:58A52CA7E0B6F9DE0E89E1DA799EBBD7898D635E
                                                                                                                                                                                                                                                                      SHA-256:A443A65BFFDE342F60CA1267DAB2229514073F64AB1BCC08CCCEF42FC015C16D
                                                                                                                                                                                                                                                                      SHA-512:4773FC277B176EDC3872D654992B53BF247B8E3ED87D40C43A5ACEB593C88E03EB6E0E200145EEB66C3B0ACDBA4B77107279C2681840405E88AD195976779D87
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:cryptography-42.0.5.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-42.0.5.dist-info/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-42.0.5.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-42.0.5.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-42.0.5.dist-info/METADATA,sha256=ZUeVIpYaW5scSBEjLEEz3ci9qbu8dWK4HvdoV6KiR1o,5430..cryptography-42.0.5.dist-info/RECORD,,..cryptography-42.0.5.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-42.0.5.dist-info/WHEEL,sha256=ZzJfItdlTwUbeh2SvWRPbrqgDfW_djikghnwfRmqFIQ,100..cryptography-42.0.5.dist-info/top_level.txt,sha256=KNaT-Sn2K4uxNaEbe6mYdDn3qWDMlp4y-MtWfB73nJc,13..cryptography/__about__.py,sha256=Q_dIPaB2u54kbfNQMzqmbel-gbG6RC5vWzO6OSFDGqM,445..cryptography/__init__.py,sha256=iVPlBlXWTJyiFeRedxcbMPhyHB34viOM10d72vGnWuE,364..cryptography/__pycache__/_
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):100
                                                                                                                                                                                                                                                                      Entropy (8bit):5.0203365408149025
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3:RtEeX7MWcSlVlbY3KgP+tkKciH/KQLn:RtBMwlVCxWKTQLn
                                                                                                                                                                                                                                                                      MD5:C48772FF6F9F408D7160FE9537E150E0
                                                                                                                                                                                                                                                                      SHA1:79D4978B413F7051C3721164812885381DE2FDF5
                                                                                                                                                                                                                                                                      SHA-256:67325F22D7654F051B7A1D92BD644F6EBAA00DF5BF7638A48219F07D19AA1484
                                                                                                                                                                                                                                                                      SHA-512:A817107D9F70177EA9CA6A370A2A0CB795346C9025388808402797F33144C1BAF7E3DE6406FF9E3D8A3486BDFAA630B90B63935925A36302AB19E4C78179674F
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.42.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64..
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):13
                                                                                                                                                                                                                                                                      Entropy (8bit):3.2389012566026314
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3:cOv:Nv
                                                                                                                                                                                                                                                                      MD5:E7274BD06FF93210298E7117D11EA631
                                                                                                                                                                                                                                                                      SHA1:7132C9EC1FD99924D658CC672F3AFE98AFEFAB8A
                                                                                                                                                                                                                                                                      SHA-256:28D693F929F62B8BB135A11B7BA9987439F7A960CC969E32F8CB567C1EF79C97
                                                                                                                                                                                                                                                                      SHA-512:AA6021C4E60A6382630BEBC1E16944F9B312359D645FC61219E9A3F19D876FD600E07DCA6932DCD7A1E15BFDEAC7DBDCEB9FFFCD5CA0E5377B82268ED19DE225
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:cryptography.
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):7218176
                                                                                                                                                                                                                                                                      Entropy (8bit):6.56234593155449
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:98304:1CPfKk+AGdmA+xiIfIBE7S2ohqc/3J2y:gPfr3GdmAwjABE7S2ogiJ
                                                                                                                                                                                                                                                                      MD5:12A7C0D35CCBD002150BB29DDD7E8440
                                                                                                                                                                                                                                                                      SHA1:F16D9A4654DC76B3CFADA387FF7BDDDB0B18B79A
                                                                                                                                                                                                                                                                      SHA-256:7E22D579AC503B959268964102C03D4E96C8A9B74186158B8C82FDC8CF9D9522
                                                                                                                                                                                                                                                                      SHA-512:C9E5E68DE8F51F91CBBA839B4FECE1DB4DA7480890A6C7318A78DEAA30191FCB8913BA447F45D4AE93B986F3246F09F8CC721E781CE020110A3BB5628B3EF9F7
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):3450648
                                                                                                                                                                                                                                                                      Entropy (8bit):6.098075450035195
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:98304:YP+uemAdn67xfxw6rKsK1CPwDv3uFfJz1CmiX:OZemAYxfxw6HK1CPwDv3uFfJzUmA
                                                                                                                                                                                                                                                                      MD5:9D7A0C99256C50AFD5B0560BA2548930
                                                                                                                                                                                                                                                                      SHA1:76BD9F13597A46F5283AA35C30B53C21976D0824
                                                                                                                                                                                                                                                                      SHA-256:9B7B4A0AD212095A8C2E35C71694D8A1764CD72A829E8E17C8AFE3A55F147939
                                                                                                                                                                                                                                                                      SHA-512:CB39AA99B9D98C735FDACF1C5ED68A4D09D11F30262B91F6AA48C3F8520EFF95E499400D0CE7E280CA7A90FF6D7141D2D893EF0B33A8803A1CADB28BA9A9E3E2
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):32792
                                                                                                                                                                                                                                                                      Entropy (8bit):6.3566777719925565
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                                                                                                      MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                                                                                                      SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                                                                                                      SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                                                                                                      SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):704792
                                                                                                                                                                                                                                                                      Entropy (8bit):5.5573527806738126
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:12288:WhO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0TGqwfU2lvz2:2is/POtrzbLp5dQ0TGqcU2lvz2
                                                                                                                                                                                                                                                                      MD5:BEC0F86F9DA765E2A02C9237259A7898
                                                                                                                                                                                                                                                                      SHA1:3CAA604C3FFF88E71F489977E4293A488FB5671C
                                                                                                                                                                                                                                                                      SHA-256:D74CE01319AE6F54483A19375524AA39D9F5FD91F06CF7DF238CA25E043130FD
                                                                                                                                                                                                                                                                      SHA-512:FFBC4E5FFDB49704E7AA6D74533E5AF76BBE5DB297713D8E59BD296143FE5F145FBB616B343EED3C48ECEACCCCC2431630470D8975A4A17C37EAFCC12EDD19F4
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):198936
                                                                                                                                                                                                                                                                      Entropy (8bit):6.372446720663998
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:13BAJzkk5dT6F62eqf2A3zVnjIHdAPKReewMP12yGUfT0+SYyWgOmrpjAxvwnVIq:FQg4dT6N5OA3zVnjNed4yGKTKR/
                                                                                                                                                                                                                                                                      MD5:1118C1329F82CE9072D908CBD87E197C
                                                                                                                                                                                                                                                                      SHA1:C59382178FE695C2C5576DCA47C96B6DE4BBCFFD
                                                                                                                                                                                                                                                                      SHA-256:4A2D59993BCE76790C6D923AF81BF404F8E2CB73552E320113663B14CF78748C
                                                                                                                                                                                                                                                                      SHA-512:29F1B74E96A95B0B777EF00448DA8BD0844E2F1D8248788A284EC868AE098C774A694D234A00BD991B2D22C2372C34F762CDBD9EC523234861E39C0CA752DCAA
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):66328
                                                                                                                                                                                                                                                                      Entropy (8bit):6.162953246481027
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:768:t68LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJqn:t6wewnvtjnsfwxVILL0S7SyuPxHO
                                                                                                                                                                                                                                                                      MD5:FD4A39E7C1F7F07CF635145A2AF0DC3A
                                                                                                                                                                                                                                                                      SHA1:05292BA14ACC978BB195818499A294028AB644BD
                                                                                                                                                                                                                                                                      SHA-256:DC909EB798A23BA8EE9F8E3F307D97755BC0D2DC0CB342CEDAE81FBBAD32A8A9
                                                                                                                                                                                                                                                                      SHA-512:37D3218BC767C44E8197555D3FA18D5AAD43A536CFE24AC17BF8A3084FB70BD4763CCFD16D2DF405538B657F720871E0CD312DFEB7F592F3AAC34D9D00D5A643
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):4458776
                                                                                                                                                                                                                                                                      Entropy (8bit):6.460390021076921
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:49152:myrXfGIy+Bqk5c5Ad2nwZT3Q6wsV136cR2DZvbK30xLNZcAgVBvcpYcvl1IDWbH3:Uw5tVBlicWdvoDkHUMF7Ph/qe
                                                                                                                                                                                                                                                                      MD5:63A1FA9259A35EAEAC04174CECB90048
                                                                                                                                                                                                                                                                      SHA1:0DC0C91BCD6F69B80DCDD7E4020365DD7853885A
                                                                                                                                                                                                                                                                      SHA-256:14B06796F288BC6599E458FB23A944AB0C843E9868058F02A91D4606533505ED
                                                                                                                                                                                                                                                                      SHA-512:896CAA053F48B1E4102E0F41A7D13D932A746EEA69A894AE564EF5A84EF50890514DECA6496E915AAE40A500955220DBC1B1016FE0B8BCDDE0AD81B2917DEA8B
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):669184
                                                                                                                                                                                                                                                                      Entropy (8bit):6.03765159448253
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:6144:zxxMpraRSS9Y68EuBPjIQN5cJzS7bUxgyPxFMH0PIXY3dVVVVAuLpdorrcK/CXjW:zxxMZMX1bQIJO7bazPEQSYNBLpdwNu
                                                                                                                                                                                                                                                                      MD5:65DD753F51CD492211986E7B700983EF
                                                                                                                                                                                                                                                                      SHA1:F5B469EC29A4BE76BC479B2219202F7D25A261E2
                                                                                                                                                                                                                                                                      SHA-256:C3B33BA6C4F646151AED4172562309D9F44A83858DDFD84B2D894A8B7DA72B1E
                                                                                                                                                                                                                                                                      SHA-512:8BD505E504110E40FA4973FEFF2FAE17EDC310A1CE1DC78B6AF7972EFDD93348087E6F16296BFD57ABFDBBE49AF769178F063BB0AA1DEE661C08659F47A6216D
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):134656
                                                                                                                                                                                                                                                                      Entropy (8bit):5.992653928086484
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:DLVxziezwPZSMaAXpuuwNNDY/r06trfSsSYOejKVJBtGdI8hvnMu:HfziezwMMaAX2Y/rxjbOejKDBtG681n
                                                                                                                                                                                                                                                                      MD5:CEB06A956B276CEA73098D145FA64712
                                                                                                                                                                                                                                                                      SHA1:6F0BA21F0325ACC7CF6BF9F099D9A86470A786BF
                                                                                                                                                                                                                                                                      SHA-256:C8EC6429D243AEF1F78969863BE23D59273FA6303760A173AB36AB71D5676005
                                                                                                                                                                                                                                                                      SHA-512:05BAB4A293E4C7EFA85FA2491C32F299AFD46FDB079DCB7EE2CC4C31024E01286DAAF4AEAD5082FC1FD0D4169B2D1BE589D1670FCF875B06C6F15F634E0C6F34
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):29976
                                                                                                                                                                                                                                                                      Entropy (8bit):6.627859470728624
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:768:gUC2hwhVHqOmEVILQG35YiSyvrYPxWEl6:FC2ehVKOmEVILQGp7SyEPxe
                                                                                                                                                                                                                                                                      MD5:A653F35D05D2F6DEBC5D34DADDD3DFA1
                                                                                                                                                                                                                                                                      SHA1:1A2CEEC28EA44388F412420425665C3781AF2435
                                                                                                                                                                                                                                                                      SHA-256:DB85F2F94D4994283E1055057372594538AE11020389D966E45607413851D9E9
                                                                                                                                                                                                                                                                      SHA-512:5AEDE99C3BE25B1A962261B183AE7A7FB92CB0CB866065DC9CD7BB5FF6F41CC8813D2CC9DE54670A27B3AD07A33B833EAA95A5B46DAD7763CA97DFA0C1CE54C9
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):1050
                                                                                                                                                                                                                                                                      Entropy (8bit):5.072538194763298
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24:1rmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:1aJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                                                                                                      MD5:7A7126E068206290F3FE9F8D6C713EA6
                                                                                                                                                                                                                                                                      SHA1:8E6689D37F82D5617B7F7F7232C94024D41066D1
                                                                                                                                                                                                                                                                      SHA-256:DB3F0246B1F9278F15845B99FEC478B8B506EB76487993722F8C6E254285FAF8
                                                                                                                                                                                                                                                                      SHA-512:C9F0870BC5D5EFF8769D9919E6D8DDE1B773543634F7D03503A9E8F191BD4ACC00A97E0399E173785D1B65318BAC79F41D3974AE6855E5C432AC5DACF8D13E8A
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:Copyright Jason R. Coombs..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTW
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):6301
                                                                                                                                                                                                                                                                      Entropy (8bit):5.107162422517841
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:W4rkAIG0wRg8wbNDdq6T9927uoU/GBpHFwTZ:Sq0wRg8wbNDdBh927uoU/GBRFi
                                                                                                                                                                                                                                                                      MD5:9E59BD13BB75B38EB7962BF64AC30D6F
                                                                                                                                                                                                                                                                      SHA1:70F6A68B42695D1BFA55ACB63D8D3351352B2AAC
                                                                                                                                                                                                                                                                      SHA-256:80C7A3B78EA0DFF1F57855EE795E7D33842A0827AA1EF4EE17EC97172A80C892
                                                                                                                                                                                                                                                                      SHA-512:67AC61739692ECC249EBDC8F5E1089F68874DCD65365DB1C389FDD0CECE381591A30B99A2774B8CAAA00E104F3E35FF3745AFF6F5F0781289368398008537AE7
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.1.Name: setuptools.Version: 65.5.0.Summary: Easily download, build, install, upgrade, and uninstall Python packages.Home-page: https://github.com/pypa/setuptools.Author: Python Packaging Authority.Author-email: distutils-sig@python.org.Project-URL: Documentation, https://setuptools.pypa.io/.Project-URL: Changelog, https://setuptools.pypa.io/en/stable/history.html.Keywords: CPAN PyPI distutils eggs package management.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: Topic :: System :: Systems Administration.Classifier: Topic :: Utilities.Requires-Python: >=3.7.License-File: LICENSE.Provides-Extra: certs.Provides-Extra: docs.Requi
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):37694
                                                                                                                                                                                                                                                                      Entropy (8bit):5.560695955910088
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:DDz9AkShgQUgq/kc2mIkpIVh498WjXYW1P5+Eu8X62aDoaQPKJfRQIbwA+hof2yf:Dn3OIyQgIAY8T/7T962lSsSGxt9Im
                                                                                                                                                                                                                                                                      MD5:E30355B5F7466BEE1691929B05EED672
                                                                                                                                                                                                                                                                      SHA1:B9F1275EF04F2D36DD1F801DE116AC12AA68722E
                                                                                                                                                                                                                                                                      SHA-256:CEBD9639E6923A470E818350691053C3CC846A72426A9BFCB70F092868FA0D5B
                                                                                                                                                                                                                                                                      SHA-512:C7A56FE3037A07035279FF063406F7999360D5B275D743C0EF88335EB98BE4CA539775CC1470BF121CE166AA53E3E55002BE7402350E62811EA2B4D0BBD6A617
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:_distutils_hack/__init__.py,sha256=TSekhUW1fdE3rjU3b88ybSBkJxCEpIeWBob4cEuU3ko,6128.._distutils_hack/__pycache__/__init__.cpython-310.pyc,,.._distutils_hack/__pycache__/override.cpython-310.pyc,,.._distutils_hack/override.py,sha256=Eu_s-NF6VIZ4Cqd0tbbA5wtWky2IZPNd8et6GLt1mzo,44..distutils-precedence.pth,sha256=JjjOniUA5XKl4N5_rtZmHrVp0baW_LoHsN0iPaX10iQ,151..pkg_resources/__init__.py,sha256=fT5Y3P1tcSX8sJomClUU10WHeFmvqyNZM4UZHzdpAvg,108568..pkg_resources/__pycache__/__init__.cpython-310.pyc,,..pkg_resources/_vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..pkg_resources/_vendor/__pycache__/__init__.cpython-310.pyc,,..pkg_resources/_vendor/__pycache__/appdirs.cpython-310.pyc,,..pkg_resources/_vendor/__pycache__/zipp.cpython-310.pyc,,..pkg_resources/_vendor/appdirs.py,sha256=MievUEuv3l_mQISH5SF0shDk_BNhHHzYiAPrT3ITN4I,24701..pkg_resources/_vendor/importlib_resources/__init__.py,sha256=evPm12kLgYqTm-pbzm60bOuumumT8IpBNWFp0uMyrzE,506..pkg_resources/_vendor/importli
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):92
                                                                                                                                                                                                                                                                      Entropy (8bit):4.820827594031884
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3:RtEeX7MWcSlViZHKRRP+tPCCfA5S:RtBMwlViojWBBf
                                                                                                                                                                                                                                                                      MD5:4D57030133E279CEB6A8236264823DFD
                                                                                                                                                                                                                                                                      SHA1:0FDC3988857C560E55D6C36DCC56EE21A51C196D
                                                                                                                                                                                                                                                                      SHA-256:1B5E87E00DC87A84269CEAD8578B9E6462928E18A95F1F3373C9EEF451A5BCC0
                                                                                                                                                                                                                                                                      SHA-512:CD98F2A416AC1B13BA82AF073D0819C0EA7C095079143CAB83037D48E9A5450D410DC5CF6B6CFF3F719544EDF1C5F0C7E32E87B746F1C04FE56FAFD614B39826
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):2740
                                                                                                                                                                                                                                                                      Entropy (8bit):4.540737240939103
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:lELcZDy3g6ySDsm90rZh2Phv4hhpTqTog:yLAP8arZoP94hTTqcg
                                                                                                                                                                                                                                                                      MD5:D3262B65DB35BFFAAC248075345A266C
                                                                                                                                                                                                                                                                      SHA1:93AD6FE5A696252B9DEF334D182432CDA2237D1D
                                                                                                                                                                                                                                                                      SHA-256:DEC880BB89189B5C9B1491C9EE8A2AA57E53016EF41A2B69F5D71D1C2FBB0453
                                                                                                                                                                                                                                                                      SHA-512:1726750B22A645F5537C20ADDF23E3D3BAD851CD4BDBA0F9666F9F6B0DC848F9919D7AF8AD8847BD4F18D0F8585DDE51AFBAE6A4CAD75008C3210D17241E0291
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:[distutils.commands].alias = setuptools.command.alias:alias.bdist_egg = setuptools.command.bdist_egg:bdist_egg.bdist_rpm = setuptools.command.bdist_rpm:bdist_rpm.build = setuptools.command.build:build.build_clib = setuptools.command.build_clib:build_clib.build_ext = setuptools.command.build_ext:build_ext.build_py = setuptools.command.build_py:build_py.develop = setuptools.command.develop:develop.dist_info = setuptools.command.dist_info:dist_info.easy_install = setuptools.command.easy_install:easy_install.editable_wheel = setuptools.command.editable_wheel:editable_wheel.egg_info = setuptools.command.egg_info:egg_info.install = setuptools.command.install:install.install_egg_info = setuptools.command.install_egg_info:install_egg_info.install_lib = setuptools.command.install_lib:install_lib.install_scripts = setuptools.command.install_scripts:install_scripts.rotate = setuptools.command.rotate:rotate.saveopts = setuptools.command.saveopts:saveopts.sdist = setuptools.command.sdist:sdist.seto
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                                                      Entropy (8bit):3.9115956018096876
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3:3Wd+Nt8AfQYv:3Wd+Nttv
                                                                                                                                                                                                                                                                      MD5:789A691C859DEA4BB010D18728BAD148
                                                                                                                                                                                                                                                                      SHA1:AEF2CBCCC6A9A8F43E4E150E7FCF1D7B03F0E249
                                                                                                                                                                                                                                                                      SHA-256:77DC8BDFDBFF5BBAA62830D21FAB13E1B1348FF2ECD4CDCFD7AD4E1A076C9B88
                                                                                                                                                                                                                                                                      SHA-512:BC2F7CAAD486EB056CB9F68E6C040D448788C3210FF028397CD9AF1277D0051746CAE58EB172F9E73EA731A65B2076C6091C10BCB54D911A7B09767AA6279EF6
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:_distutils_hack.pkg_resources.setuptools.
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):1511192
                                                                                                                                                                                                                                                                      Entropy (8bit):6.571598248013314
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24576:QS54zkxnH4R0YnZRF4gLDafM9WJeQ6dS6BgMkPilAHmXf2arqTlTKQAHE4P2:JAm4R0CZRF4gLDafgWJR7e3k4l+aruPB
                                                                                                                                                                                                                                                                      MD5:914925249A488BD62D16455D156BD30D
                                                                                                                                                                                                                                                                      SHA1:7E66BA53F3512F81C9014D322FCB7DD895F62C55
                                                                                                                                                                                                                                                                      SHA-256:FBD8832B5BC7E5C9ADCF7320C051A67EE1C33FD198105283058533D132785AB4
                                                                                                                                                                                                                                                                      SHA-512:21A468929B15B76B313B32BE65CFC50CAD8F03C3B2E9BF11CA3B02C88A0482B7BC15646CE40DF7FB42FBC96BD12362A54CFFE0563C4DDC3FC78622622C699186
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):994760
                                                                                                                                                                                                                                                                      Entropy (8bit):6.6459311249383015
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24576:5+o8vuNdoAgHmfm0OPrlAQzGqnta8vx8ri88mxvSZX0ypny6:LVSmXOPkqnPr80y6
                                                                                                                                                                                                                                                                      MD5:D6181DE1FCD6289D22022B83EF2BF09D
                                                                                                                                                                                                                                                                      SHA1:155151A0F5C060F15B963021027606876AD396F2
                                                                                                                                                                                                                                                                      SHA-256:EC5B538752AA0890CFD94639F394EF9919A53BDADD671D15E96B8216464E2EC7
                                                                                                                                                                                                                                                                      SHA-512:DE92ED6B57C9A4752AFAF2E01E380433620DF32D947575605042801F064BB209AD0FE3E0F26D3172A7CB81030639015A644DC0C087B1E50B52196E6846E071DC
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):1123608
                                                                                                                                                                                                                                                                      Entropy (8bit):5.3853088605790385
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:12288:6mwlRMmuZ63NTQCb5Pfhnzr0ql8L8kcM7IRG5eeme6VZyrIBHdQLhfFE+uQfk:ulRuUZV0m8UMMREtV6Vo4uYQfk
                                                                                                                                                                                                                                                                      MD5:81D62AD36CBDDB4E57A91018F3C0816E
                                                                                                                                                                                                                                                                      SHA1:FE4A4FC35DF240B50DB22B35824E4826059A807B
                                                                                                                                                                                                                                                                      SHA-256:1FB2D66C056F69E8BBDD8C6C910E72697874DAE680264F8FB4B4DF19AF98AA2E
                                                                                                                                                                                                                                                                      SHA-512:7D15D741378E671591356DFAAD4E1E03D3F5456CBDF87579B61D02A4A52AB9B6ECBFFAD3274CEDE8C876EA19EAEB8BA4372AD5986744D430A29F50B9CAFFB75D
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                                                      Entropy (8bit):5.112106937352672
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:lGCm72PEO1jIUs0YqEcPbF55UgCWV4rofnbPmitE255qDLWn7ycLmrO/:8ardA0Bzx14r6nbN50W9/
                                                                                                                                                                                                                                                                      MD5:F9C9445BE13026F8DB777E2BBC26651D
                                                                                                                                                                                                                                                                      SHA1:E1D58C30E94B00B32AD1E9B806465643F4AFE980
                                                                                                                                                                                                                                                                      SHA-256:C953DB1F67BBD92114531FF44EE4D76492FDD3CF608DA57D5C04E4FE4FDD1B96
                                                                                                                                                                                                                                                                      SHA-512:587D9E8521C246865E16695E372A1675CFBC324E6258DD03479892D3238F634138EBB56985ED34E0C8C964C1AB75313182A4E687B598BB09C07FC143B506E9A8
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):133632
                                                                                                                                                                                                                                                                      Entropy (8bit):5.849731189887005
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:l2J5loMoEg9enX4oD8cdf0nlRVFhLaNKP/IyymuqCyqJhe:cblovEgqXHdfqlRVlP/IyzCyy
                                                                                                                                                                                                                                                                      MD5:00E5DA545C6A4979A6577F8F091E85E1
                                                                                                                                                                                                                                                                      SHA1:A31A2C85E272234584DACF36F405D102D9C43C05
                                                                                                                                                                                                                                                                      SHA-256:AC483D60A565CC9CBF91A6F37EA516B2162A45D255888D50FBBB7E5FF12086EE
                                                                                                                                                                                                                                                                      SHA-512:9E4F834F56007F84E8B4EC1C16FB916E68C3BAADAB1A3F6B82FAF5360C57697DC69BE86F3C2EA6E30F95E7C32413BABBE5D29422D559C99E6CF4242357A85F31
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):123904
                                                                                                                                                                                                                                                                      Entropy (8bit):5.965293722751848
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:Nz7lVQlgMZhNKMiZj6f9XCqrN5dolqF7Ea:Nz7+gMnNbqQh5Wlk7
                                                                                                                                                                                                                                                                      MD5:ACC2C2A7DD9BA8603AC192D886FF2ACE
                                                                                                                                                                                                                                                                      SHA1:EAE213D0B86A7730161D8CC9568D91663948C638
                                                                                                                                                                                                                                                                      SHA-256:4805C4903E098F0AE3C3CBEBD02B44DF4D73AB19013784F49A223F501DA3C853
                                                                                                                                                                                                                                                                      SHA-512:23B97707843D206833E7D4F0DFCAD79A597DE0867BAB629026DD26BFF9F1C640BB4CD1BC6BCE7ABE48353FEAC8C367E93EA7B15425D6FF8B1AEA07A716F5E491
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):73216
                                                                                                                                                                                                                                                                      Entropy (8bit):5.762045981366128
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:idrARomwyEvN7xM8v2uuYTtEJaLGDXYBFB8Dmz:qIomwySmm2uuYJEJaLGDXkFB8qz
                                                                                                                                                                                                                                                                      MD5:20CA43E99D008452833394B4AB4D9239
                                                                                                                                                                                                                                                                      SHA1:97E6DC871483540551CBF44B7727CE91ADCDA844
                                                                                                                                                                                                                                                                      SHA-256:28783A9111E539BD0EDBB97C9204C983E1D15DC7A0E7A6D4DE02DF1A3D5E3566
                                                                                                                                                                                                                                                                      SHA-512:273323375886835BC4E737984586BC31FFDCC185A3FA3CA1181CB65B2D6D1867E527B3226484ECD8DD902A02CF94B4AB8F7C88744235543ED83620206E65E7C0
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):23552
                                                                                                                                                                                                                                                                      Entropy (8bit):5.279236779449316
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:peeH8ZmV+zknwMsADuVLw0T8DmrRl2j9BfEAZnpC9QJQ1BA:5+zi/uVDS9dl6pB
                                                                                                                                                                                                                                                                      MD5:B291ADAB2446DA62F93369A0DD662076
                                                                                                                                                                                                                                                                      SHA1:A6B6C1054C1F511C64AEFB5F6C031AFE553E70F0
                                                                                                                                                                                                                                                                      SHA-256:C5AD56E205530780326BD1081E94B212C65082B58E0F69788E3DC60EFFBD6410
                                                                                                                                                                                                                                                                      SHA-512:847CC9E82B9939DBDC58BFA3E5A9899D614642E0B07CF1508AA866CD69E4AD8C905DBF810A045D225E6C364E1D9F2A45006F0EB0895BCD5AAF9D81EE344D4AEA
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):527872
                                                                                                                                                                                                                                                                      Entropy (8bit):6.165923585421349
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:6144:bXtpsewPjUA2jGZ90SmgopJgUCBKw84O3Rpd0K1VS0cTZdxi2y3:bXtp5sIAN90pleK1VSXXi2g
                                                                                                                                                                                                                                                                      MD5:C2E1B245D4221BDA4C198CF18D9CA6AF
                                                                                                                                                                                                                                                                      SHA1:9682B6E966495F7B58255348563A86C63FBD488C
                                                                                                                                                                                                                                                                      SHA-256:89A8651DAD701DCE6B42B0E20C18B07DF6D08A341123659E05381EE796D23858
                                                                                                                                                                                                                                                                      SHA-512:C2F57E9303D37547671E40086DDAD4B1FC31C52D43994CFCEC974B259125E125C644873073F216F28066BB0C213CBEB1B9A3C149727C9F1BC50F198AC45A4C8A
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):196608
                                                                                                                                                                                                                                                                      Entropy (8bit):1.121297215059106
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                                                                                                                                                      MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                                                                                                                                                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                                                                                                                                                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                                                                                                                                                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):155648
                                                                                                                                                                                                                                                                      Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                      MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                      SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                      SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                      SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):51200
                                                                                                                                                                                                                                                                      Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):155648
Entropy (8bit):0.5407252242845243
Encrypted:false
SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:7B955D976803304F2C0505431A0CF1CF
SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:false
Preview:SQLite format 3......@ .......&...
File type:PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):7.996832720621768
TrID:
• Win64 Executable GUI (202006/5) 92.65%
• Win64 Executable (generic) (12005/4) 5.51%
• Generic Win/DOS Executable (2004/3) 0.92%
• DOS Executable Generic (2002/1) 0.92%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:purchaseorder4.exe
File size:18'813'776 bytes
MD5:5914b824880c616d105867599dac3d76
SHA1:e55db01b770d5371a83be03f9e4a3f4b4520380e
SHA256:49c7e194b5876770a6e8e680c8b606ab07ffca891d4921be7a38f9d600347b1b
SHA512:8bc28fe02de0a9567603bcddf2048d448d8bab8ab79d1a91b9fc7e095d82b5e94c4166646388f0b9533c7b816d106b00797acdd35e9094410cb6b5a66a11dfd8
SSDEEP:393216:1EkZQjTP8AxYDMDfDgrc6hodr/H4OIUKyXnsS6:1hQj4Xgb0I4odrf4OIxins
TLSH:7E173367326048F6E4E1E63C88019BA976A1F4434F91E9DB17BCCB6A5F833E05C76760
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................-.....................,.............................................................Rich...........
Icon Hash:2c6d8d96625c6c70
Entrypoint:0x14000c540
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x6621EADD [Fri Apr 19 03:54:05 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:2
File Version Major:5
File Version Minor:2
Subsystem Version Major:5
Subsystem Version Minor:2
Import Hash:f4f2e2b03fe5666a721620fcea3aea9b
                                                                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                                                                      je 00007F50313C840Ah
                                                                                                                                                                                                                                                                      test ebx, ebx
                                                                                                                                                                                                                                                                      jne 00007F50313C8406h
                                                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                                                      lea ecx, dword ptr [00034F46h]
                                                                                                                                                                                                                                                                      call 00007F50313D6D52h

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3e0bc | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x16b4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x43000 | 0x231c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x49000 | 0x758 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b460 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3b320 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2c000 | 0x438 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2afb0 | 0x2b000 | 40bf1edebd1304ce1b08c50cb556d4db | False | 0.5458416606104651 | data | 6.5002315273868 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2c000 | 0x12f36 | 0x13000 | 59904eaa10bda931fc1376be01c7caab | False | 0.5160875822368421 | data | 5.8279586755359265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3f000 | 0x33b8 | 0xe00 | ae0f42b168987b17129506ccc4960b21 | False | 0.13392857142857142 | firmware 32a2 vdf2d (revision 2569732096) \377\377\377\377 , version 256.0.512, 0 bytes or less, at 0xcd5d20d2 1725235199 bytes , at 0 0 bytes , at 0xffffffff 16777216 bytes | 1.8264700601019173 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x43000 | 0x231c | 0x2400 | ffc5390666982cab67e3c9bf8e263bc3 | False | 0.4784071180555556 | data | 5.382434020909434 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x46000 | 0x1f4 | 0x200 | 771f0b097891d31289bb68f0eb426e66 | False | 0.529296875 | data | 3.713242247775091 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0x16b4 | 0x1800 | 081c21926f7ec07a835129f4970714a4 | False | 0.3123372395833333 | data | 5.483060285646776 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x49000 | 0x758 | 0x800 | 7ecf18b15822e1aa4c79b9a361f07c79 | False | 0.546875 | data | 5.250941834312499 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x470e8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 32395 x 32395 px/m |  |  | 0.2600844277673546
RT_GROUP_ICON | 0x48190 | 0x14 | data |  |  | 1.1
RT_MANIFEST | 0x481a4 | 0x50d | XML 1.0 document, ASCII text |  |  | 0.4694508894044857

DLL | Import
USER32.dll | CreateWindowExW, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | IsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, CreateFileW, GetFinalPathNameByHandleW, CloseHandle, GetModuleFileNameW, CreateSymbolicLinkW, GetCPInfo, GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, GetProcAddress, GetSystemTimeAsFileTime, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 19, 2024 14:57:33.238640070 CEST | 60168 | 53 | 192.168.2.5 | 1.1.1.1
Apr 19, 2024 14:57:33.703596115 CEST | 53 | 60168 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 19, 2024 14:57:33.238640070 CEST | 192.168.2.5 | 1.1.1.1 | 0xacc2 | Standard query (0) | mail.dasmake.xyz | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 19, 2024 14:56:57.510416985 CEST | 1.1.1.1 | 192.168.2.5 | 0xd4fa | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Apr 19, 2024 14:56:57.510416985 CEST | 1.1.1.1 | 192.168.2.5 | 0xd4fa | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Apr 19, 2024 14:56:57.857319117 CEST | 1.1.1.1 | 192.168.2.5 | 0xce04 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Apr 19, 2024 14:56:57.857319117 CEST | 1.1.1.1 | 192.168.2.5 | 0xce04 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 19, 2024 14:57:33.703596115 CEST | 1.1.1.1 | 192.168.2.5 | 0xacc2 | No error (0) | mail.dasmake.xyz | dasmake.xyz |  | CNAME (Canonical name) | IN (0x0001) | false
Apr 19, 2024 14:57:33.703596115 CEST | 1.1.1.1 | 192.168.2.5 | 0xacc2 | No error (0) | dasmake.xyz |  | 192.236.232.35 | A (IP address) | IN (0x0001) | false
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Apr 19, 2024 14:57:34.275661945 CEST | 587 | 49726 | 192.236.232.35 | 192.168.2.5 | 220-ams-shared-10.hostwindsdns.com ESMTP Exim 4.96.2 #2 Fri, 19 Apr 2024 05:57:34 -0700
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Apr 19, 2024 14:57:34.493618011 CEST | 587 | 49726 | 192.236.232.35 | 192.168.2.5 | 250-ams-shared-10.hostwindsdns.com Hello [192.168.2.5] [81.181.57.52]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPECONNECT
    250-STARTTLS
    250 HELP
Apr 19, 2024 14:57:34.494086027 CEST | 49726 | 587 | 192.168.2.5 | 192.236.232.35 | STARTTLS
Apr 19, 2024 14:57:34.704071045 CEST | 587 | 49726 | 192.236.232.35 | 192.168.2.5 | 220 TLS go ahead


                                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                                      Start time:14:57:26
                                                                                                                                                                                                                                                                      Start date:19/04/2024
                                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\purchaseorder4.exe"
                                                                                                                                                                                                                                                                      Imagebase:0x7ff781700000
                                                                                                                                                                                                                                                                      File size:18'813'776 bytes
                                                                                                                                                                                                                                                                      MD5 hash:5914B824880C616D105867599DAC3D76
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                                                                      Start time:14:57:29
                                                                                                                                                                                                                                                                      Start date:19/04/2024
                                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\purchaseorder4.exe"
                                                                                                                                                                                                                                                                      Imagebase:0x7ff781700000
                                                                                                                                                                                                                                                                      File size:18'813'776 bytes
                                                                                                                                                                                                                                                                      MD5 hash:5914B824880C616D105867599DAC3D76
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                                                                                      Start time:14:57:30
                                                                                                                                                                                                                                                                      Start date:19/04/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                                                                                      Imagebase:0x7ff6eb650000
                                                                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                                                                                      Start time:14:57:30
                                                                                                                                                                                                                                                                      Start date:19/04/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                      Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                      Has exited:true


                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                        Execution Coverage:10.3%
                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                        Signature Coverage:18.6%
                                                                                                                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                                                                                                                        Total number of Limit Nodes:36
__std_exception_copy 16697->16698 16698->16502 16700 7ff7817082a0 16699->16700 16701 7ff781708de0 57 API calls 16700->16701 16702 7ff7817082d1 SetConsoleCtrlHandler GetStartupInfoW 16701->16702 16703 7ff781708332 16702->16703 18503 7ff78171b234 16703->18503 16743 7ff781702b30 16742->16743 16744 7ff7817152b4 49 API calls 16743->16744 16745 7ff781702b7b memcpy_s 16744->16745 16746 7ff781708de0 57 API calls 16745->16746 16747 7ff781702bb0 16746->16747 16748 7ff781702bb5 16747->16748 16749 7ff781702bed MessageBoxA 16747->16749 16750 7ff781708de0 57 API calls 16748->16750 16751 7ff781702c07 16749->16751 16752 7ff781702bcf MessageBoxW 16750->16752 16753 7ff78170c010 _wfindfirst32i64 8 API calls 16751->16753 16752->16751 16754 7ff781702c17 16753->16754 16754->16516 16756 7ff78170406c 16755->16756 16757 7ff781708de0 57 API calls 16756->16757 16758 7ff781704097 16757->16758 16759 7ff781708de0 57 API calls 16758->16759 16760 7ff7817040aa 16759->16760 18554 7ff7817169e4 16760->18554 16763 7ff78170c010 _wfindfirst32i64 8 API calls 16764 7ff781703acd 16763->16764 16764->16477 16765 7ff7817084c0 16764->16765 16766 7ff7817084e4 16765->16766 16767 7ff781711004 73 API calls 16766->16767 16772 7ff7817085bb __std_exception_copy 16766->16772 16768 7ff7817084fe 16767->16768 16768->16772 18933 7ff781719894 16768->18933 16770 7ff781711004 73 API calls 16773 7ff781708513 16770->16773 16771 7ff781710ccc _fread_nolock 53 API calls 16771->16773 16772->16480 16773->16770 16773->16771 16773->16772 16775 7ff7817109ac 16774->16775 18948 7ff781710758 16775->18948 16777 7ff7817109c5 16777->16477 16779 7ff781706cc3 16778->16779 16780 7ff781706cda 16778->16780 16779->16780 18959 7ff781701590 16779->18959 16780->16479 16782 7ff781706ce4 16782->16780 16783 7ff781704140 49 API calls 16782->16783 16784 7ff781706d45 16783->16784 16785 7ff781702b10 59 API calls 16784->16785 16786 7ff781706db5 __std_exception_copy memcpy_s 16784->16786 16785->16780 16786->16479 16800 7ff78170681a memcpy_s 16787->16800 
16789 7ff78170693f 16791 7ff781704140 49 API calls 16789->16791 16790 7ff78170695b 16792 7ff781702b10 59 API calls 16790->16792 16793 7ff7817069b8 16791->16793 16798 7ff781706951 __std_exception_copy 16792->16798 16796 7ff781704140 49 API calls 16793->16796 16794 7ff781704140 49 API calls 16794->16800 16795 7ff781706920 16795->16789 16799 7ff781704140 49 API calls 16795->16799 16797 7ff7817069e8 16796->16797 16803 7ff781704140 49 API calls 16797->16803 16801 7ff78170c010 _wfindfirst32i64 8 API calls 16798->16801 16799->16789 16800->16789 16800->16790 16800->16794 16800->16795 16800->16800 16804 7ff781701700 135 API calls 16800->16804 16805 7ff781706941 16800->16805 18983 7ff781701940 16800->18983 16802 7ff781703c06 16801->16802 16802->16490 16807 7ff781706780 16802->16807 16803->16798 16804->16800 16806 7ff781702b10 59 API calls 16805->16806 16806->16798 18987 7ff781708470 16807->18987 16809 7ff78170679c 16810 7ff781708470 58 API calls 16809->16810 16811 7ff7817067af 16810->16811 16812 7ff7817067e5 16811->16812 16813 7ff7817067c7 16811->16813 16814 7ff781702b10 59 API calls 16812->16814 18991 7ff781707100 GetProcAddress 16813->18991 16816 7ff781703c14 16814->16816 16816->16490 16816->16501 16818 7ff781706e64 16817->16818 16819 7ff781702b10 59 API calls 16818->16819 16822 7ff781706eda 16818->16822 16820 7ff781706ebe 16819->16820 16821 7ff781706a50 FreeLibrary 16820->16821 16821->16822 16822->16507 16824 7ff781701f05 16823->16824 16825 7ff7817152b4 49 API calls 16824->16825 16826 7ff781701f28 16825->16826 16826->16497 19050 7ff781705dd0 16827->19050 16830 7ff78170348d 16830->16506 16832 7ff781703464 16832->16830 19119 7ff781705b30 16832->19119 16834 7ff781703470 16834->16830 16880 7ff78170bfb0 16861->16880 16864 7ff781702a09 16882 7ff7817152b4 16864->16882 16869 7ff781701ee0 49 API calls 16870 7ff781702a66 memcpy_s 16869->16870 16871 7ff781708de0 54 API calls 16870->16871 16872 7ff781702a9b 16871->16872 16873 7ff781702aa0 16872->16873 16874 7ff781702ad8 MessageBoxA 
16872->16874 16875 7ff781708de0 54 API calls 16873->16875 16876 7ff781702af2 16874->16876 16877 7ff781702aba MessageBoxW 16875->16877 16878 7ff78170c010 _wfindfirst32i64 8 API calls 16876->16878 16877->16876 16879 7ff781702b02 16878->16879 16879->16567 16881 7ff7817029dc GetLastError 16880->16881 16881->16864 16884 7ff78171530e 16882->16884 16883 7ff781715333 16886 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 16883->16886 16884->16883 16885 7ff78171536f 16884->16885 16912 7ff781713540 16885->16912 16899 7ff78171535d 16886->16899 16888 7ff78171544c 16891 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16888->16891 16890 7ff78170c010 _wfindfirst32i64 8 API calls 16892 7ff781702a37 16890->16892 16891->16899 16900 7ff781708770 16892->16900 16893 7ff781715470 16893->16888 16896 7ff78171547a 16893->16896 16894 7ff781715421 16897 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16894->16897 16895 7ff781715418 16895->16888 16895->16894 16898 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16896->16898 16897->16899 16898->16899 16899->16890 16901 7ff78170877c 16900->16901 16902 7ff781708797 GetLastError 16901->16902 16903 7ff78170879d FormatMessageW 16901->16903 16902->16903 16904 7ff7817087ec WideCharToMultiByte 16903->16904 16905 7ff7817087d0 16903->16905 16907 7ff7817087e3 16904->16907 16908 7ff781708826 16904->16908 16906 7ff7817029c0 54 API calls 16905->16906 16906->16907 16910 7ff78170c010 _wfindfirst32i64 8 API calls 16907->16910 16909 7ff7817029c0 54 API calls 16908->16909 16909->16907 16911 7ff781702a3e 16910->16911 16911->16869 16913 7ff78171357e 16912->16913 16914 7ff78171356e 16912->16914 16915 7ff781713587 16913->16915 16920 7ff7817135b5 16913->16920 16918 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 16914->16918 16916 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 16915->16916 16917 7ff7817135ad 16916->16917 16917->16888 16917->16893 16917->16894 16917->16895 
16918->16917 16920->16914 16920->16917 16922 7ff781713864 16920->16922 16926 7ff781713ed0 16920->16926 16952 7ff781713b98 16920->16952 16982 7ff781713420 16920->16982 16985 7ff7817150f0 16920->16985 16924 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 16922->16924 16924->16914 16927 7ff781713f12 16926->16927 16928 7ff781713f85 16926->16928 16931 7ff781713faf 16927->16931 16932 7ff781713f18 16927->16932 16929 7ff781713f8a 16928->16929 16930 7ff781713fdf 16928->16930 16933 7ff781713f8c 16929->16933 16934 7ff781713fbf 16929->16934 16930->16931 16938 7ff781713fee 16930->16938 16950 7ff781713f48 16930->16950 17009 7ff781712480 16931->17009 16932->16938 16939 7ff781713f1d 16932->16939 16935 7ff781713f2d 16933->16935 16941 7ff781713f9b 16933->16941 17016 7ff781712070 16934->17016 16951 7ff78171401d 16935->16951 16991 7ff781714834 16935->16991 16938->16951 17023 7ff781712890 16938->17023 16939->16935 16942 7ff781713f60 16939->16942 16939->16950 16941->16931 16944 7ff781713fa0 16941->16944 16942->16951 17001 7ff781714cf0 16942->17001 16944->16951 17005 7ff781714e88 16944->17005 16946 7ff78170c010 _wfindfirst32i64 8 API calls 16948 7ff7817142b3 16946->16948 16948->16920 16950->16951 17030 7ff78171f608 16950->17030 16951->16946 16953 7ff781713bb9 16952->16953 16954 7ff781713ba3 16952->16954 16955 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 16953->16955 16958 7ff781713bf7 16953->16958 16956 7ff781713f12 16954->16956 16957 7ff781713f85 16954->16957 16954->16958 16955->16958 16959 7ff781713f18 16956->16959 16960 7ff781713faf 16956->16960 16961 7ff781713f8a 16957->16961 16962 7ff781713fdf 16957->16962 16958->16920 16968 7ff781713f1d 16959->16968 16970 7ff781713fee 16959->16970 16966 7ff781712480 38 API calls 16960->16966 16963 7ff781713f8c 16961->16963 16964 7ff781713fbf 16961->16964 16962->16960 16962->16970 16972 7ff781713f48 16962->16972 16965 7ff781713f2d 16963->16965 16974 7ff781713f9b 16963->16974 16969 7ff781712070 38 API calls 16964->16969 16967 7ff781714834 
47 API calls 16965->16967 16981 7ff78171401d 16965->16981 16966->16972 16967->16972 16968->16965 16971 7ff781713f60 16968->16971 16968->16972 16969->16972 16973 7ff781712890 38 API calls 16970->16973 16970->16981 16975 7ff781714cf0 47 API calls 16971->16975 16971->16981 16980 7ff78171f608 47 API calls 16972->16980 16972->16981 16973->16972 16974->16960 16976 7ff781713fa0 16974->16976 16975->16972 16978 7ff781714e88 37 API calls 16976->16978 16976->16981 16977 7ff78170c010 _wfindfirst32i64 8 API calls 16979 7ff7817142b3 16977->16979 16978->16972 16979->16920 16980->16972 16981->16977 17186 7ff781711644 16982->17186 16986 7ff781715107 16985->16986 17203 7ff78171e768 16986->17203 16992 7ff781714856 16991->16992 17040 7ff7817114b0 16992->17040 16997 7ff7817150f0 45 API calls 16999 7ff781714993 16997->16999 16998 7ff7817150f0 45 API calls 17000 7ff781714a1c 16998->17000 16999->16998 16999->16999 16999->17000 17000->16950 17002 7ff781714d70 17001->17002 17003 7ff781714d08 17001->17003 17002->16950 17003->17002 17004 7ff78171f608 47 API calls 17003->17004 17004->17002 17006 7ff781714ea9 17005->17006 17007 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 17006->17007 17008 7ff781714eda 17006->17008 17007->17008 17008->16950 17010 7ff7817124b3 17009->17010 17011 7ff7817124e2 17010->17011 17013 7ff78171259f 17010->17013 17012 7ff7817114b0 12 API calls 17011->17012 17015 7ff78171251f 17011->17015 17012->17015 17014 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 17013->17014 17014->17015 17015->16950 17017 7ff7817120a3 17016->17017 17018 7ff7817120d2 17017->17018 17020 7ff78171218f 17017->17020 17019 7ff7817114b0 12 API calls 17018->17019 17022 7ff78171210f 17018->17022 17019->17022 17021 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 17020->17021 17021->17022 17022->16950 17024 7ff7817128c3 17023->17024 17025 7ff7817128f2 17024->17025 17027 7ff7817129af 17024->17027 17026 7ff7817114b0 12 API calls 17025->17026 17029 7ff78171292f 17025->17029 17026->17029 17028 
7ff78171b5cc _invalid_parameter_noinfo 37 API calls 17027->17028 17028->17029 17029->16950 17031 7ff78171f630 17030->17031 17032 7ff78171f675 17031->17032 17033 7ff7817150f0 45 API calls 17031->17033 17035 7ff78171f65e memcpy_s 17031->17035 17039 7ff78171f635 memcpy_s 17031->17039 17032->17035 17032->17039 17183 7ff781721640 17032->17183 17033->17032 17034 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 17034->17039 17035->17034 17035->17039 17039->16950 17041 7ff7817114d6 17040->17041 17042 7ff7817114e7 17040->17042 17048 7ff78171f320 17041->17048 17042->17041 17070 7ff78171e3ac 17042->17070 17045 7ff781711528 17047 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17045->17047 17046 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17046->17045 17047->17041 17049 7ff78171f33d 17048->17049 17050 7ff78171f370 17048->17050 17051 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 17049->17051 17050->17049 17052 7ff78171f3a2 17050->17052 17060 7ff781714971 17051->17060 17057 7ff78171f4b5 17052->17057 17065 7ff78171f3ea 17052->17065 17053 7ff78171f5a7 17110 7ff78171e80c 17053->17110 17055 7ff78171f56d 17103 7ff78171eba4 17055->17103 17057->17053 17057->17055 17058 7ff78171f53c 17057->17058 17059 7ff78171f4ff 17057->17059 17062 7ff78171f4f5 17057->17062 17096 7ff78171ee84 17058->17096 17086 7ff78171f0b4 17059->17086 17060->16997 17060->16999 17062->17055 17064 7ff78171f4fa 17062->17064 17064->17058 17064->17059 17065->17060 17077 7ff78171b25c 17065->17077 17068 7ff78171b6b8 _wfindfirst32i64 17 API calls 17069 7ff78171f604 17068->17069 17071 7ff78171e3f7 17070->17071 17075 7ff78171e3bb _set_fmode 17070->17075 17072 7ff781715cb4 _set_fmode 11 API calls 17071->17072 17074 7ff781711514 17072->17074 17073 7ff78171e3de RtlAllocateHeap 17073->17074 17073->17075 17074->17045 17074->17046 17075->17071 17075->17073 17076 7ff7817243e0 _set_fmode 2 API calls 17075->17076 17076->17075 17078 7ff78171b269 17077->17078 17079 
7ff78171b273 17077->17079 17078->17079 17082 7ff78171b28e 17078->17082 17080 7ff781715cb4 _set_fmode 11 API calls 17079->17080 17081 7ff78171b27a 17080->17081 17084 7ff78171b698 _invalid_parameter_noinfo 37 API calls 17081->17084 17083 7ff78171b286 17082->17083 17085 7ff781715cb4 _set_fmode 11 API calls 17082->17085 17083->17060 17083->17068 17084->17083 17085->17081 17119 7ff781724efc 17086->17119 17090 7ff78171f15c 17091 7ff78171f1b1 17090->17091 17092 7ff78171f17c 17090->17092 17095 7ff78171f160 17090->17095 17172 7ff78171eca0 17091->17172 17168 7ff78171ef5c 17092->17168 17095->17060 17097 7ff781724efc 38 API calls 17096->17097 17098 7ff78171eece 17097->17098 17099 7ff781724944 37 API calls 17098->17099 17100 7ff78171ef1e 17099->17100 17101 7ff78171ef22 17100->17101 17102 7ff78171ef5c 45 API calls 17100->17102 17101->17060 17102->17101 17104 7ff781724efc 38 API calls 17103->17104 17105 7ff78171ebef 17104->17105 17106 7ff781724944 37 API calls 17105->17106 17107 7ff78171ec47 17106->17107 17108 7ff78171ec4b 17107->17108 17109 7ff78171eca0 45 API calls 17107->17109 17108->17060 17109->17108 17111 7ff78171e851 17110->17111 17112 7ff78171e884 17110->17112 17113 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 17111->17113 17114 7ff78171e89c 17112->17114 17116 7ff78171e91d 17112->17116 17118 7ff78171e87d memcpy_s 17113->17118 17115 7ff78171eba4 46 API calls 17114->17115 17115->17118 17117 7ff7817150f0 45 API calls 17116->17117 17116->17118 17117->17118 17118->17060 17120 7ff781724f4f fegetenv 17119->17120 17121 7ff781728e5c 37 API calls 17120->17121 17126 7ff781724fa2 17121->17126 17122 7ff781724fcf 17125 7ff78171b25c __std_exception_copy 37 API calls 17122->17125 17123 7ff781725092 17124 7ff781728e5c 37 API calls 17123->17124 17127 7ff7817250bc 17124->17127 17128 7ff78172504d 17125->17128 17126->17123 17129 7ff781724fbd 17126->17129 17130 7ff78172506c 17126->17130 17131 7ff781728e5c 37 API calls 17127->17131 17133 7ff781726174 17128->17133 17138 7ff781725055 
17128->17138 17129->17122 17129->17123 17134 7ff78171b25c __std_exception_copy 37 API calls 17130->17134 17132 7ff7817250cd 17131->17132 17135 7ff781729050 20 API calls 17132->17135 17136 7ff78171b6b8 _wfindfirst32i64 17 API calls 17133->17136 17134->17128 17146 7ff781725136 memcpy_s 17135->17146 17137 7ff781726189 17136->17137 17139 7ff78170c010 _wfindfirst32i64 8 API calls 17138->17139 17140 7ff78171f101 17139->17140 17164 7ff781724944 17140->17164 17141 7ff7817254df memcpy_s 17142 7ff781725177 memcpy_s 17157 7ff781725abb memcpy_s 17142->17157 17158 7ff7817255d3 memcpy_s 17142->17158 17143 7ff78172581f 17144 7ff781724a60 37 API calls 17143->17144 17151 7ff781725f37 17144->17151 17145 7ff7817257cb 17145->17143 17147 7ff78172618c memcpy_s 37 API calls 17145->17147 17146->17141 17146->17142 17148 7ff781715cb4 _set_fmode 11 API calls 17146->17148 17147->17143 17149 7ff7817255b0 17148->17149 17150 7ff78171b698 _invalid_parameter_noinfo 37 API calls 17149->17150 17150->17142 17153 7ff78172618c memcpy_s 37 API calls 17151->17153 17163 7ff781725f92 17151->17163 17152 7ff781726118 17154 7ff781728e5c 37 API calls 17152->17154 17153->17163 17154->17138 17155 7ff781715cb4 11 API calls _set_fmode 17155->17157 17156 7ff781715cb4 11 API calls _set_fmode 17156->17158 17157->17143 17157->17145 17157->17155 17160 7ff78171b698 37 API calls _invalid_parameter_noinfo 17157->17160 17158->17145 17158->17156 17161 7ff78171b698 37 API calls _invalid_parameter_noinfo 17158->17161 17159 7ff781724a60 37 API calls 17159->17163 17160->17157 17161->17158 17162 7ff78172618c memcpy_s 37 API calls 17162->17163 17163->17152 17163->17159 17163->17162 17165 7ff781724963 17164->17165 17166 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 17165->17166 17167 7ff78172498e memcpy_s 17165->17167 17166->17167 17167->17090 17169 7ff78171ef88 memcpy_s 17168->17169 17170 7ff7817150f0 45 API calls 17169->17170 17171 7ff78171f042 memcpy_s 17169->17171 17170->17171 17171->17095 17173 7ff78171ecdb 17172->17173 
17177 7ff78171ed28 memcpy_s 17172->17177 17174 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 17173->17174 17175 7ff78171ed07 17174->17175 17175->17095 17176 7ff78171ed93 17178 7ff78171b25c __std_exception_copy 37 API calls 17176->17178 17177->17176 17179 7ff7817150f0 45 API calls 17177->17179 17182 7ff78171edd5 memcpy_s 17178->17182 17179->17176 17180 7ff78171b6b8 _wfindfirst32i64 17 API calls 17181 7ff78171ee80 17180->17181 17182->17180 17184 7ff781721664 WideCharToMultiByte 17183->17184 17187 7ff781711671 17186->17187 17188 7ff781711683 17186->17188 17189 7ff781715cb4 _set_fmode 11 API calls 17187->17189 17191 7ff781711690 17188->17191 17195 7ff7817116cd 17188->17195 17190 7ff781711676 17189->17190 17192 7ff78171b698 _invalid_parameter_noinfo 37 API calls 17190->17192 17193 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 17191->17193 17194 7ff781711681 17192->17194 17193->17194 17194->16920 17196 7ff781711776 17195->17196 17197 7ff781715cb4 _set_fmode 11 API calls 17195->17197 17196->17194 17198 7ff781715cb4 _set_fmode 11 API calls 17196->17198 17199 7ff78171176b 17197->17199 17200 7ff781711820 17198->17200 17201 7ff78171b698 _invalid_parameter_noinfo 37 API calls 17199->17201 17202 7ff78171b698 _invalid_parameter_noinfo 37 API calls 17200->17202 17201->17196 17202->17194 17204 7ff78171512f 17203->17204 17205 7ff78171e781 17203->17205 17207 7ff78171e7d4 17204->17207 17205->17204 17211 7ff781724154 17205->17211 17208 7ff78171e7ed 17207->17208 17209 7ff78171513f 17207->17209 17208->17209 17255 7ff7817234a0 17208->17255 17209->16920 17223 7ff78171bf00 GetLastError 17211->17223 17214 7ff7817241ae 17214->17204 17224 7ff78171bf41 FlsSetValue 17223->17224 17225 7ff78171bf24 FlsGetValue 17223->17225 17226 7ff78171bf31 17224->17226 17227 7ff78171bf53 17224->17227 17225->17226 17228 7ff78171bf3b 17225->17228 17229 7ff78171bfad SetLastError 17226->17229 17230 7ff78171f948 _set_fmode 11 API calls 17227->17230 17228->17224 17231 7ff78171bfba 17229->17231 17232 
7ff78171bfcd 17229->17232 17233 7ff78171bf62 17230->17233 17231->17214 17245 7ff7817211a8 EnterCriticalSection 17231->17245 17246 7ff78171b2bc 17232->17246 17235 7ff78171bf80 FlsSetValue 17233->17235 17236 7ff78171bf70 FlsSetValue 17233->17236 17239 7ff78171bf8c FlsSetValue 17235->17239 17240 7ff78171bf9e 17235->17240 17238 7ff78171bf79 17236->17238 17241 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17238->17241 17239->17238 17242 7ff78171bcac _set_fmode 11 API calls 17240->17242 17241->17226 17243 7ff78171bfa6 17242->17243 17244 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17243->17244 17244->17229 17247 7ff7817244a0 _CreateFrameInfo EnterCriticalSection LeaveCriticalSection 17246->17247 17248 7ff78171b2c5 17247->17248 17249 7ff78171b2d4 17248->17249 17250 7ff7817244f0 _CreateFrameInfo 44 API calls 17248->17250 17251 7ff78171b307 _CreateFrameInfo 17249->17251 17252 7ff78171b2dd IsProcessorFeaturePresent 17249->17252 17250->17249 17253 7ff78171b2ec 17252->17253 17254 7ff78171b3cc _wfindfirst32i64 14 API calls 17253->17254 17254->17251 17256 7ff78171bf00 _CreateFrameInfo 45 API calls 17255->17256 17257 7ff7817234a9 17256->17257 17265 7ff781715b5c EnterCriticalSection 17258->17265 17267 7ff78170288c 17266->17267 17268 7ff7817152b4 49 API calls 17267->17268 17269 7ff7817028dd 17268->17269 17270 7ff781715cb4 _set_fmode 11 API calls 17269->17270 17271 7ff7817028e2 17270->17271 17285 7ff781715cd4 17271->17285 17274 7ff781701ee0 49 API calls 17275 7ff781702911 memcpy_s 17274->17275 17276 7ff781708de0 57 API calls 17275->17276 17277 7ff781702946 17276->17277 17278 7ff781702983 MessageBoxA 17277->17278 17279 7ff78170294b 17277->17279 17281 7ff78170299d 17278->17281 17280 7ff781708de0 57 API calls 17279->17280 17282 7ff781702965 MessageBoxW 17280->17282 17283 7ff78170c010 _wfindfirst32i64 8 API calls 17281->17283 17282->17281 17284 7ff7817029ad 17283->17284 17284->16582 17286 7ff78171c078 _set_fmode 11 API calls 
17285->17286 17287 7ff781715ceb 17286->17287 17288 7ff7817028e9 17287->17288 17289 7ff78171f948 _set_fmode 11 API calls 17287->17289 17291 7ff781715d2b 17287->17291 17288->17274 17290 7ff781715d20 17289->17290 17292 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17290->17292 17291->17288 17297 7ff781720018 17291->17297 17292->17291 17295 7ff78171b6b8 _wfindfirst32i64 17 API calls 17296 7ff781715d70 17295->17296 17301 7ff781720035 17297->17301 17298 7ff78172003a 17299 7ff781715d51 17298->17299 17300 7ff781715cb4 _set_fmode 11 API calls 17298->17300 17299->17288 17299->17295 17302 7ff781720044 17300->17302 17301->17298 17301->17299 17304 7ff781720084 17301->17304 17303 7ff78171b698 _invalid_parameter_noinfo 37 API calls 17302->17303 17303->17299 17304->17299 17305 7ff781715cb4 _set_fmode 11 API calls 17304->17305 17305->17302 17307 7ff781708f82 WideCharToMultiByte 17306->17307 17308 7ff781708f14 WideCharToMultiByte 17306->17308 17309 7ff781708faf 17307->17309 17316 7ff781703f6b 17307->17316 17310 7ff781708f3e 17308->17310 17311 7ff781708f55 17308->17311 17312 7ff7817029c0 57 API calls 17309->17312 17313 7ff7817029c0 57 API calls 17310->17313 17311->17307 17314 7ff781708f6b 17311->17314 17312->17316 17313->17316 17315 7ff7817029c0 57 API calls 17314->17315 17315->17316 17316->16592 17316->16593 17318 7ff7817040ea 17317->17318 17319 7ff781708de0 57 API calls 17318->17319 17320 7ff781704112 17319->17320 17335 7ff781708d00 FindFirstFileExW 17320->17335 17323 7ff78170c010 _wfindfirst32i64 8 API calls 17324 7ff781703f88 17323->17324 17324->16590 17324->16599 17326 7ff781704352 17325->17326 17327 7ff781708de0 57 API calls 17326->17327 17328 7ff781704380 CreateFileW 17327->17328 17329 7ff78170441f 17328->17329 17330 7ff7817043b7 GetFinalPathNameByHandleW CloseHandle 17328->17330 17332 7ff78170c010 _wfindfirst32i64 8 API calls 17329->17332 17330->17329 17331 7ff7817043e3 __vcrt_InitializeCriticalSectionEx 17330->17331 17334 7ff781708ef0 59 API 
calls 17331->17334 17333 7ff781703fb9 17332->17333 17333->16590 17334->17329 17336 7ff781708d3d FindClose 17335->17336 17337 7ff781708d50 17335->17337 17336->17337 17338 7ff78170c010 _wfindfirst32i64 8 API calls 17337->17338 17339 7ff78170411c 17338->17339 17339->17323 17341 7ff78171b1d3 17340->17341 17344 7ff781707dee 17340->17344 17342 7ff78171b25c __std_exception_copy 37 API calls 17341->17342 17341->17344 17343 7ff78171b200 17342->17343 17343->17344 17345 7ff78171b6b8 _wfindfirst32i64 17 API calls 17343->17345 17344->16617 17346 7ff78171b230 17345->17346 17348 7ff781704060 116 API calls 17347->17348 17349 7ff781701ac6 17348->17349 17350 7ff781701c74 17349->17350 17351 7ff7817084c0 83 API calls 17349->17351 17352 7ff78170c010 _wfindfirst32i64 8 API calls 17350->17352 17353 7ff781701afe 17351->17353 17354 7ff781701c88 17352->17354 17379 7ff781701b2f 17353->17379 17386 7ff781711004 17353->17386 17354->16636 17380 7ff781703e80 17354->17380 17356 7ff78171097c 74 API calls 17356->17350 17357 7ff781701b18 17358 7ff781701b34 17357->17358 17359 7ff781701b1c 17357->17359 17390 7ff781710ccc 17358->17390 17360 7ff781702870 59 API calls 17359->17360 17360->17379 17363 7ff781701b4f 17365 7ff781702870 59 API calls 17363->17365 17364 7ff781701b67 17366 7ff781711004 73 API calls 17364->17366 17365->17379 17367 7ff781701bb4 17366->17367 17368 7ff781701bc6 17367->17368 17369 7ff781701bde 17367->17369 17370 7ff781702870 59 API calls 17368->17370 17371 7ff781710ccc _fread_nolock 53 API calls 17369->17371 17370->17379 17372 7ff781701bf3 17371->17372 17373 7ff781701c0e 17372->17373 17374 7ff781701bf9 17372->17374 17393 7ff781710a40 17373->17393 17376 7ff781702870 59 API calls 17374->17376 17376->17379 17378 7ff781702b10 59 API calls 17378->17379 17379->17356 17381 7ff781701ee0 49 API calls 17380->17381 17382 7ff781703e9d 17381->17382 17382->16637 17384 7ff781701ee0 49 API calls 17383->17384 17385 7ff781704170 17384->17385 17385->16636 17385->17385 17387 7ff781711034 17386->17387 
17399 7ff781710d94 17387->17399 17389 7ff78171104d 17389->17357 17411 7ff781710cec 17390->17411 17394 7ff781710a49 17393->17394 17398 7ff781701c22 17393->17398 17395 7ff781715cb4 _set_fmode 11 API calls 17394->17395 17396 7ff781710a4e 17395->17396 17397 7ff78171b698 _invalid_parameter_noinfo 37 API calls 17396->17397 17397->17398 17398->17378 17398->17379 17400 7ff781710dfe 17399->17400 17401 7ff781710dbe 17399->17401 17400->17401 17403 7ff781710e0a 17400->17403 17402 7ff78171b5cc _invalid_parameter_noinfo 37 API calls 17401->17402 17404 7ff781710de5 17402->17404 17410 7ff781715b5c EnterCriticalSection 17403->17410 17404->17389 17412 7ff781710d16 17411->17412 17423 7ff781701b49 17411->17423 17413 7ff781710d62 17412->17413 17415 7ff781710d25 memcpy_s 17412->17415 17412->17423 17424 7ff781715b5c EnterCriticalSection 17413->17424 17416 7ff781715cb4 _set_fmode 11 API calls 17415->17416 17418 7ff781710d3a 17416->17418 17420 7ff78171b698 _invalid_parameter_noinfo 37 API calls 17418->17420 17420->17423 17423->17363 17423->17364 17426 7ff78170889f GetTokenInformation 17425->17426 17427 7ff781708921 __std_exception_copy 17425->17427 17428 7ff7817088c0 GetLastError 17426->17428 17431 7ff7817088cb 17426->17431 17429 7ff78170893a 17427->17429 17430 7ff781708934 CloseHandle 17427->17430 17428->17427 17428->17431 17429->16646 17430->17429 17431->17427 17432 7ff7817088e7 GetTokenInformation 17431->17432 17432->17427 17433 7ff78170890a 17432->17433 17433->17427 17434 7ff781708914 ConvertSidToStringSidW 17433->17434 17434->17427 17436 7ff781708975 17435->17436 17452 7ff781715508 17436->17452 17440 7ff781702c50 17439->17440 17441 7ff7817152b4 49 API calls 17440->17441 17442 7ff781702c9b memcpy_s 17441->17442 17443 7ff781708de0 57 API calls 17442->17443 17444 7ff781702cd0 17443->17444 17445 7ff781702cd5 17444->17445 17446 7ff781702d0d MessageBoxA 17444->17446 17447 7ff781708de0 57 API calls 17445->17447 17448 7ff781702d27 17446->17448 17449 7ff781702cef MessageBoxW 17447->17449 17450 
16321 7ff78171b35b SetLastError 16316->16321 16319 7ff78171c174 16317->16319 16317->16321 16332 7ff78171f948 16318->16332 16319->16316 16321->16307 16323 7ff78171c1b4 FlsSetValue 16326 7ff78171c1c0 FlsSetValue 16323->16326 16327 7ff78171c1d2 16323->16327 16324 7ff78171c1a4 FlsSetValue 16325 7ff78171c1ad 16324->16325 16339 7ff78171b700 16325->16339 16326->16325 16345 7ff78171bcac 16327->16345 16337 7ff78171f959 _set_fmode 16332->16337 16333 7ff78171f9aa 16335 7ff781715cb4 _set_fmode 10 API calls 16333->16335 16334 7ff78171f98e RtlAllocateHeap 16336 7ff78171c196 16334->16336 16334->16337 16335->16336 16336->16323 16336->16324 16337->16333 16337->16334 16350 7ff7817243e0 16337->16350 16340 7ff78171b705 RtlRestoreThreadPreferredUILanguages 16339->16340 16344 7ff78171b734 16339->16344 16341 7ff78171b720 GetLastError 16340->16341 16340->16344 16342 7ff78171b72d Concurrency::details::SchedulerProxy::DeleteThis 16341->16342 16343 7ff781715cb4 _set_fmode 9 API calls 16342->16343 16343->16344 16344->16321 16359 7ff78171bb84 16345->16359 16353 7ff781724420 16350->16353 16358 7ff7817211a8 EnterCriticalSection 16353->16358 16371 7ff7817211a8 EnterCriticalSection 16359->16371 16375 7ff78171c0b9 FlsSetValue 16374->16375 16380 7ff78171c09c 16374->16380 16376 7ff78171c0cb 16375->16376 16379 7ff78171c0a9 16375->16379 16378 7ff78171f948 _set_fmode 5 API calls 16376->16378 16377 7ff78171c125 SetLastError 16377->16277 16381 7ff78171c0da 16378->16381 16379->16377 16380->16375 16380->16379 16382 7ff78171c0f8 FlsSetValue 16381->16382 16383 7ff78171c0e8 FlsSetValue 16381->16383 16385 7ff78171c104 FlsSetValue 16382->16385 16386 7ff78171c116 16382->16386 16384 7ff78171c0f1 16383->16384 16387 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 16384->16387 16385->16384 16388 7ff78171bcac _set_fmode 5 API calls 16386->16388 16387->16379 16389 7ff78171c11e 16388->16389 16390 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 16389->16390 16390->16377 
16392 7ff78170c27e RtlLookupFunctionEntry 16391->16392 16393 7ff78170c09b 16392->16393 16394 7ff78170c294 RtlVirtualUnwind 16392->16394 16395 7ff78170c030 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16393->16395 16394->16392 16394->16393 16397 7ff78171b406 _wfindfirst32i64 memcpy_s 16396->16397 16398 7ff78171b42e RtlCaptureContext RtlLookupFunctionEntry 16397->16398 16399 7ff78171b468 RtlVirtualUnwind 16398->16399 16400 7ff78171b49e IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16398->16400 16399->16400 16403 7ff78171b4f0 _wfindfirst32i64 16400->16403 16401 7ff78170c010 _wfindfirst32i64 8 API calls 16402 7ff78171b50f GetCurrentProcess TerminateProcess 16401->16402 16403->16401 19808 7ff78170c2e0 19809 7ff78170c2f0 19808->19809 19825 7ff78171a95c 19809->19825 19811 7ff78170c2fc 19831 7ff78170c5d8 19811->19831 19813 7ff78170c8bc 7 API calls 19815 7ff78170c395 19813->19815 19814 7ff78170c314 _RTC_Initialize 19823 7ff78170c369 19814->19823 19836 7ff78170c788 19814->19836 19817 7ff78170c329 19839 7ff781719dc8 19817->19839 19823->19813 19824 7ff78170c385 19823->19824 19826 7ff78171a96d 19825->19826 19827 7ff78171a975 19826->19827 19828 7ff781715cb4 _set_fmode 11 API calls 19826->19828 19827->19811 19829 7ff78171a984 19828->19829 19830 7ff78171b698 _invalid_parameter_noinfo 37 API calls 19829->19830 19830->19827 19832 7ff78170c5e9 19831->19832 19835 7ff78170c5ee __scrt_release_startup_lock 19831->19835 19833 7ff78170c8bc 7 API calls 19832->19833 19832->19835 19834 7ff78170c662 19833->19834 19835->19814 19864 7ff78170c74c 19836->19864 19838 7ff78170c791 19838->19817 19840 7ff781719de8 19839->19840 19862 7ff78170c335 19839->19862 19841 7ff781719df0 19840->19841 19842 7ff781719e06 GetModuleFileNameW 19840->19842 19843 7ff781715cb4 _set_fmode 11 API calls 19841->19843 19846 7ff781719e31 19842->19846 19844 7ff781719df5 19843->19844 19845 7ff78171b698 _invalid_parameter_noinfo 37 API calls 19844->19845 
19845->19862 19847 7ff781719d68 11 API calls 19846->19847 19848 7ff781719e71 19847->19848 19849 7ff781719e79 19848->19849 19852 7ff781719e91 19848->19852 19850 7ff781715cb4 _set_fmode 11 API calls 19849->19850 19851 7ff781719e7e 19850->19851 19854 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19851->19854 19853 7ff781719eb3 19852->19853 19856 7ff781719ef8 19852->19856 19857 7ff781719edf 19852->19857 19855 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19853->19855 19854->19862 19855->19862 19859 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19856->19859 19858 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19857->19858 19860 7ff781719ee8 19858->19860 19859->19853 19861 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19860->19861 19861->19862 19862->19823 19863 7ff78170c85c InitializeSListHead 19862->19863 19865 7ff78170c766 19864->19865 19867 7ff78170c75f 19864->19867 19868 7ff78171af9c 19865->19868 19867->19838 19871 7ff78171abd8 19868->19871 19878 7ff7817211a8 EnterCriticalSection 19871->19878 19378 7ff781718670 19379 7ff7817186d7 19378->19379 19380 7ff78171869e 19378->19380 19379->19380 19382 7ff7817186dc FindFirstFileExW 19379->19382 19381 7ff781715cb4 _set_fmode 11 API calls 19380->19381 19383 7ff7817186a3 19381->19383 19384 7ff7817186fe GetLastError 19382->19384 19385 7ff781718745 19382->19385 19386 7ff78171b698 _invalid_parameter_noinfo 37 API calls 19383->19386 19388 7ff781718709 19384->19388 19389 7ff781718735 19384->19389 19438 7ff7817188e0 19385->19438 19390 7ff7817186ae 19386->19390 19388->19389 19394 7ff781718713 19388->19394 19395 7ff781718725 19388->19395 19391 7ff781715cb4 _set_fmode 11 API calls 19389->19391 19397 7ff78170c010 _wfindfirst32i64 8 API calls 19390->19397 19391->19390 19393 7ff7817188e0 _wfindfirst32i64 10 API calls 19398 7ff78171876b 19393->19398 19394->19389 19399 7ff781718718 19394->19399 19396 
7ff781715cb4 _set_fmode 11 API calls 19395->19396 19396->19390 19400 7ff7817186c2 19397->19400 19401 7ff7817188e0 _wfindfirst32i64 10 API calls 19398->19401 19402 7ff781715cb4 _set_fmode 11 API calls 19399->19402 19403 7ff781718779 19401->19403 19402->19390 19404 7ff781721344 _wfindfirst32i64 37 API calls 19403->19404 19405 7ff781718797 19404->19405 19405->19390 19406 7ff7817187a3 19405->19406 19407 7ff78171b6b8 _wfindfirst32i64 17 API calls 19406->19407 19408 7ff7817187b7 19407->19408 19409 7ff7817187e1 19408->19409 19412 7ff781718820 FindNextFileW 19408->19412 19410 7ff781715cb4 _set_fmode 11 API calls 19409->19410 19411 7ff7817187e6 19410->19411 19413 7ff78171b698 _invalid_parameter_noinfo 37 API calls 19411->19413 19414 7ff781718870 19412->19414 19415 7ff78171882f GetLastError 19412->19415 19418 7ff7817187f1 19413->19418 19419 7ff7817188e0 _wfindfirst32i64 10 API calls 19414->19419 19416 7ff78171883a 19415->19416 19417 7ff781718863 19415->19417 19416->19417 19422 7ff781718844 19416->19422 19423 7ff781718856 19416->19423 19420 7ff781715cb4 _set_fmode 11 API calls 19417->19420 19424 7ff78170c010 _wfindfirst32i64 8 API calls 19418->19424 19421 7ff781718888 19419->19421 19420->19418 19425 7ff7817188e0 _wfindfirst32i64 10 API calls 19421->19425 19422->19417 19427 7ff781718849 19422->19427 19428 7ff781715cb4 _set_fmode 11 API calls 19423->19428 19429 7ff781718804 19424->19429 19426 7ff781718896 19425->19426 19430 7ff7817188e0 _wfindfirst32i64 10 API calls 19426->19430 19431 7ff781715cb4 _set_fmode 11 API calls 19427->19431 19428->19418 19432 7ff7817188a4 19430->19432 19431->19418 19433 7ff781721344 _wfindfirst32i64 37 API calls 19432->19433 19434 7ff7817188c2 19433->19434 19434->19418 19435 7ff7817188ca 19434->19435 19436 7ff78171b6b8 _wfindfirst32i64 17 API calls 19435->19436 19437 7ff7817188de 19436->19437 19439 7ff7817188f8 19438->19439 19440 7ff7817188fe FileTimeToSystemTime 19438->19440 19439->19440 19442 7ff781718923 19439->19442 19441 7ff78171890d 
SystemTimeToTzSpecificLocalTime 19440->19441 19440->19442 19441->19442 19443 7ff78170c010 _wfindfirst32i64 8 API calls 19442->19443 19444 7ff78171875d 19443->19444 19444->19393 19942 7ff78171ab00 19945 7ff78171aa80 19942->19945 19952 7ff7817211a8 EnterCriticalSection 19945->19952 19953 7ff781722500 19964 7ff781728494 19953->19964 19965 7ff7817284a1 19964->19965 19966 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19965->19966 19967 7ff7817284bd 19965->19967 19966->19965 19968 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19967->19968 19969 7ff781722509 19967->19969 19968->19967 19970 7ff7817211a8 EnterCriticalSection 19969->19970 20957 7ff78171bd80 20958 7ff78171bd9a 20957->20958 20959 7ff78171bd85 20957->20959 20963 7ff78171bda0 20959->20963 20964 7ff78171bdea 20963->20964 20965 7ff78171bde2 20963->20965 20967 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20964->20967 20966 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20965->20966 20966->20964 20968 7ff78171bdf7 20967->20968 20969 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20968->20969 20970 7ff78171be04 20969->20970 20971 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20970->20971 20972 7ff78171be11 20971->20972 20973 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20972->20973 20974 7ff78171be1e 20973->20974 20975 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20974->20975 20976 7ff78171be2b 20975->20976 20977 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20976->20977 20978 7ff78171be38 20977->20978 20979 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20978->20979 20980 7ff78171be45 20979->20980 20981 7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20980->20981 20982 7ff78171be55 20981->20982 20983 
7ff78171b700 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20982->20983 20984 7ff78171be65 20983->20984 20989 7ff78171bc4c 20984->20989 21003 7ff7817211a8 EnterCriticalSection 20989->21003 19971 7ff781715b00 19972 7ff781715b0b 19971->19972 19980 7ff78171ff54 19972->19980 19993 7ff7817211a8 EnterCriticalSection 19980->19993 20092 7ff78172bc8e 20093 7ff78172bc9e 20092->20093 20096 7ff781715b68 LeaveCriticalSection 20093->20096 19445 7ff78171a715 19446 7ff78171b188 45 API calls 19445->19446 19447 7ff78171a71a 19446->19447 19448 7ff78171a78b 19447->19448 19449 7ff78171a741 GetModuleHandleW 19447->19449 19457 7ff78171a618 19448->19457 19449->19448 19455 7ff78171a74e 19449->19455 19455->19448 19471 7ff78171a83c GetModuleHandleExW 19455->19471 19477 7ff7817211a8 EnterCriticalSection 19457->19477 19472 7ff78171a899 19471->19472 19473 7ff78171a870 GetProcAddress 19471->19473 19475 7ff78171a89e FreeLibrary 19472->19475 19476 7ff78171a8a5 19472->19476 19474 7ff78171a882 19473->19474 19474->19472 19475->19476 19476->19448 20441 7ff78172be14 20444 7ff781715b68 LeaveCriticalSection 20441->20444

Control-flow Graph

Memory Dump Source
• Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
Similarity
• API ID: Message$EnvironmentPost$DirectoryExpandFileModuleNameStringsVariable
• String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
• API String ID: 2647325126-1544818733
• Opcode ID: 4474981b6be94aa1b512c9588e853e916df7d13898b50b1bd46168d9c391519e
• Instruction ID: d058ed3fdb402130f339fda1534d17a26b71615cf71d3e01f63ec4c53fad22ab
• Opcode Fuzzy Hash: 4474981b6be94aa1b512c9588e853e916df7d13898b50b1bd46168d9c391519e
• Instruction Fuzzy Hash: 85C17121A0CB8645EB24FB229C512BEE391BF5C784FE0013DEA4D47697DEACE545C720
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• _get_daylight.LIBCMT ref: 00007FF781726B95
  • Part of subcall function 00007FF7817264E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7817264FC
  • Part of subcall function 00007FF78171B700: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF781723B72,?,?,?,00007FF781723BAF,?,?,00000000,00007FF781724075,?,?,00000000,00007FF781723FA7), ref: 00007FF78171B716
  • Part of subcall function 00007FF78171B700: GetLastError.KERNEL32(?,?,?,00007FF781723B72,?,?,?,00007FF781723BAF,?,?,00000000,00007FF781724075,?,?,00000000,00007FF781723FA7), ref: 00007FF78171B720
  • Part of subcall function 00007FF78171B6B8: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF78171B697,?,?,?,?,?,00007FF7817138BC), ref: 00007FF78171B6C1
  • Part of subcall function 00007FF78171B6B8: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF78171B697,?,?,?,?,?,00007FF7817138BC), ref: 00007FF78171B6E6
• _get_daylight.LIBCMT ref: 00007FF781726B84
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781726548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78172655C
                                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF781726DFA
                                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF781726E0B
                                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF781726E1C
                                                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF78172705C), ref: 00007FF781726E43
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureInformationLanguagesLastPreferredPresentProcessProcessorRestoreThreadTimeZone
                                                                                                                                                                                                                                                                        • String ID: W. Europe Standard Time$W. Europe Summer Time
                                                                                                                                                                                                                                                                        • API String ID: 1458651798-690618308
                                                                                                                                                                                                                                                                        • Opcode ID: 5c0435bc803def4f3738399755070787ba0f20d1cbf8e98db8d8e06c31f37944
                                                                                                                                                                                                                                                                        • Instruction ID: 10ccbd6f26a5c027fd19060815b09c027f883a8c7502263767ae3618ece73d00
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5c0435bc803def4f3738399755070787ba0f20d1cbf8e98db8d8e06c31f37944
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37D1B426A0824246EB20BF21E4401B9A761FF4C794FE5417EEE4E47697DFBCE482C760
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1617910340-0
                                                                                                                                                                                                                                                                        • Opcode ID: 8482aad9305a30c551bfc572177b6762c68ebfb4afe3bdfce811c5be068ed5ba
                                                                                                                                                                                                                                                                        • Instruction ID: ead44e7d361813f88e8f57dac9865fa5120cb6352d24df9fc2e6821bc285979f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8482aad9305a30c551bfc572177b6762c68ebfb4afe3bdfce811c5be068ed5ba
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2EC1C036B28A4285EB10EF64C5902AC7762FB5DB98B611339DB1F97396CF78D052C310
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(00000000,?,00000000,00000000,?,00007FF78170153F), ref: 00007FF781707BF7
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781707D70: GetEnvironmentVariableW.KERNEL32(00007FF7817039FF), ref: 00007FF781707DAA
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781707D70: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF781707DC7
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781718610: _invalid_parameter_noinfo.LIBCMT ref: 00007FF781718629
                                                                                                                                                                                                                                                                        • SetEnvironmentVariableW.KERNEL32 ref: 00007FF781707CB1
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781702B10: MessageBoxW.USER32 ref: 00007FF781702BE5
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                                                        • API String ID: 3752271684-1116378104
                                                                                                                                                                                                                                                                        • Opcode ID: 26c14f5d2d519ab3f82a273994a24441e39aec3c57247172eafc601634a0f726
                                                                                                                                                                                                                                                                        • Instruction ID: 51a45c3bb4fcf0f6b7269e17a419fcb345a4c2d3bbd6db51a411d7b776e1460a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 26c14f5d2d519ab3f82a273994a24441e39aec3c57247172eafc601634a0f726
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82514E11F0965241FB18B7229D162BAD285BF5DBC0FE54439ED4E8B797EDACE442C220
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF781726DFA
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781726548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78172655C
                                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF781726E0B
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7817264E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7817264FC
                                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF781726E1C
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781726518: _invalid_parameter_noinfo.LIBCMT ref: 00007FF78172652C
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF78171B700: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF781723B72,?,?,?,00007FF781723BAF,?,?,00000000,00007FF781724075,?,?,00000000,00007FF781723FA7), ref: 00007FF78171B716
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF78171B700: GetLastError.KERNEL32(?,?,?,00007FF781723B72,?,?,?,00007FF781723BAF,?,?,00000000,00007FF781724075,?,?,00000000,00007FF781723FA7), ref: 00007FF78171B720
                                                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF78172705C), ref: 00007FF781726E43
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorInformationLanguagesLastPreferredRestoreThreadTimeZone
                                                                                                                                                                                                                                                                        • String ID: W. Europe Standard Time$W. Europe Summer Time
                                                                                                                                                                                                                                                                        • API String ID: 2248164782-690618308
                                                                                                                                                                                                                                                                        • Opcode ID: 55e3cc8bac5369d910ed4892b15b2a588c4a2811a75c0baad495c27a87ccf3ce
                                                                                                                                                                                                                                                                        • Instruction ID: 9a5eda4436cba17868bd6c801fd55ad0eb07a23dd951f94ec6601396402ef31f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 55e3cc8bac5369d910ed4892b15b2a588c4a2811a75c0baad495c27a87ccf3ce
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5518E22A0864286E720FF21E8805A9E761FF4C784FE5417EEA4E47697DFBCE541C760
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                        • Opcode ID: ecdf086f063d1ff4b022191a002e9e17b8509f6d6c47db3a09a7631b022981ea
                                                                                                                                                                                                                                                                        • Instruction ID: eaf4f8eeb260c0564b26bb87dccbc68e122256800f3e01f8f272269e907b49bd
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ecdf086f063d1ff4b022191a002e9e17b8509f6d6c47db3a09a7631b022981ea
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0FF0F432A1878186F7A0AF64E889766F390FB48764FA00739D66D026E5DFBCD048CB10
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                                                                        • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was initialized!
                                                                                                                                                                                                                                                                        • API String ID: 2030045667-3833288071
                                                                                                                                                                                                                                                                        • Opcode ID: 4af32ae8bb4415fca34dc8e65b09824c973554ee49536559dab56e2502b2e909
                                                                                                                                                                                                                                                                        • Instruction ID: 2815f4e5f308b55ecb0a59766f2c7ce11ee19941a250b6a0b5b21665850d377e
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4af32ae8bb4415fca34dc8e65b09824c973554ee49536559dab56e2502b2e909
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69519D61B4878286EB10BB15E8102A9A391FF5CBE4FE44039DE4D47797EEACE645C720
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _fread_nolock$Message
                                                                                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                                                                        • API String ID: 677216364-1384898525
                                                                                                                                                                                                                                                                        • Opcode ID: bdbc6040d1c2829f4a361fe52dbc08492be425f77c4da1097f0c89d36307920c
                                                                                                                                                                                                                                                                        • Instruction ID: 6e7d254801bbccd5d8941ecc3680a6e8c4a5be6310c11f8c2307a4581a31d5f3
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bdbc6040d1c2829f4a361fe52dbc08492be425f77c4da1097f0c89d36307920c
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3518D72B09B42C6EB14EF24D890179B3A0FF4CB84BA18139DA4D87796DEBCE541C764
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                                                                        • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                                                                        • API String ID: 2895956056-3524285272
                                                                                                                                                                                                                                                                        • Opcode ID: b7abaf37a347f063a3628d3e0586489636cc93df3d8b7db5f5a9dd5ff1266243
                                                                                                                                                                                                                                                                        • Instruction ID: 8760b56f8c9537ae9e9de6ce0811f9cb624164f4d7d94330baf75318fa90a2a6
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b7abaf37a347f063a3628d3e0586489636cc93df3d8b7db5f5a9dd5ff1266243
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B414B72A0878181DB10AB64E45529AF3A4FF99364FA0073DE6AE437D6DFBCD045CB10
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                                                        • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                                                                        • Opcode ID: 1c9f60fe5bdfbf99a397612234c032aac3c0edeb9f84fb8fb3de77bae926bd72
                                                                                                                                                                                                                                                                        • Instruction ID: 87d131de5296542ed09f1c1286132918a61c74c28eeb793dccb8c5f6fd7ea76d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c9f60fe5bdfbf99a397612234c032aac3c0edeb9f84fb8fb3de77bae926bd72
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3251D462B0D78281E720BB11A8403BAA391FB48794FE40139ED4E47787EFBCE545C710
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF78171FD5A,?,?,-00000018,00007FF78171BB0B,?,?,?,00007FF78171BA02,?,?,?,00007FF78171698E), ref: 00007FF78171FB3C
                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF78171FD5A,?,?,-00000018,00007FF78171BB0B,?,?,?,00007FF78171BA02,?,?,?,00007FF78171698E), ref: 00007FF78171FB48
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                        • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                                        • Opcode ID: 92e1c6cccb7ec25b4476ca22e51d2624e921c13e1215ab17a1d429f3080250c2
                                                                                                                                                                                                                                                                        • Instruction ID: 0cf7c7557d02cb1060dc10d03591d86ea6c91e60d80dd06bc7b4d76a45c5bc26
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92e1c6cccb7ec25b4476ca22e51d2624e921c13e1215ab17a1d429f3080250c2
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C841E83271960241FB25EB16A810575A391BF4DBD0FAA413DDD0D57786EEBCE445C320
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                        • Opcode ID: e6e9ca765fa647dc4aa1628c0431ca1bf8d8f0a3c5e0b7675abe670f7d6e3383
                                                                                                                                                                                                                                                                        • Instruction ID: a78b0cb17a50c9c2f70fd56b70b2e684463463290cc2f7c6217921948176b714
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6e9ca765fa647dc4aa1628c0431ca1bf8d8f0a3c5e0b7675abe670f7d6e3383
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31C1D62290C68791E761AF9494402BDB765FB89B80FAB0139DA4E07393DEFCE945C364
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
Memory Dump Source
• Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 995526605-0
                                                                                                                                                                                                                                                                        • Opcode ID: 0a78fddd52e4a4b47c0abd3b9ff92470e3f80b7b026c685fad37238cb9e723cb
                                                                                                                                                                                                                                                                        • Instruction ID: d951557737ae30b3969328d9655868efef9863fb4b7940243dd0127a80393851
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a78fddd52e4a4b47c0abd3b9ff92470e3f80b7b026c685fad37238cb9e723cb
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2212535A0C74281FB10AB55F84012AF3A1FF997A0FA50239DA9D43AD6DFBCE455C710
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781708860: GetCurrentProcess.KERNEL32 ref: 00007FF781708880
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781708860: OpenProcessToken.ADVAPI32 ref: 00007FF781708891
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781708860: GetTokenInformation.KERNELBASE ref: 00007FF7817088B6
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781708860: GetLastError.KERNEL32 ref: 00007FF7817088C0
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781708860: GetTokenInformation.KERNELBASE ref: 00007FF781708900
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781708860: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF78170891C
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781708860: CloseHandle.KERNEL32 ref: 00007FF781708934
                                                                                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00007FF781703B4E), ref: 00007FF781708C0C
                                                                                                                                                                                                                                                                        • LocalFree.KERNEL32 ref: 00007FF781708C15
                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                                        • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PATH_MAX!
                                                                                                                                                                                                                                                                        • API String ID: 6828938-1817031585
                                                                                                                                                                                                                                                                        • Opcode ID: 8ff8ea2c17bd8fbf586603b6c91de9233eb7c00b5d3dcbaf8731662f4bda8ceb
                                                                                                                                                                                                                                                                        • Instruction ID: 3f0ce2a49f71371015ad7c11b357ce7307e6f6f86232a4ed1de89094fb4d14e1
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ff8ea2c17bd8fbf586603b6c91de9233eb7c00b5d3dcbaf8731662f4bda8ceb
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82214C21E18B4681F750BB20E8056FAA3A0FB5C780FE40579E94E53697DFBCE545C660
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF7817039CA), ref: 00007FF781703F34
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7817029C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF781708AF2,?,?,?,?,?,?,?,?,?,?,?,00007FF78170101D), ref: 00007FF7817029F4
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7817029C0: MessageBoxW.USER32 ref: 00007FF781702AD0
                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                                                                        • API String ID: 2581892565-1977442011
                                                                                                                                                                                                                                                                        • Opcode ID: 7ef307d93855c796adb502a26685baad3249a75f128fd8c4618b636fbd62cd4f
                                                                                                                                                                                                                                                                        • Instruction ID: c87cd677807bfeb601e9a317bc6936c45bd754b6b1d83594ad8a4ec6a30fa59c
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ef307d93855c796adb502a26685baad3249a75f128fd8c4618b636fbd62cd4f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8112C21B1864245FB21B722EC113F69364BF4C7C4FE0043EE98E8669BEEDCE645C620
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF78171DCFB), ref: 00007FF78171DE2C
                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF78171DCFB), ref: 00007FF78171DEB7
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 953036326-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 4170891091-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2780335769-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3251591375-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
Memory Dump Source
• Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CreateDirectoryMessage
                                                                                                                                                                                                                                                                        • String ID: Security descriptor is not initialized!
                                                                                                                                                                                                                                                                        • API String ID: 73271072-986317556
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF78171B78D,?,?,00000000,00007FF78171B842), ref: 00007FF78171B97E
                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF78171B78D,?,?,00000000,00007FF78171B842), ref: 00007FF78171B988
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1687624791-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF781716101), ref: 00007FF78171621F
                                                                                                                                                                                                                                                                        • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF781716101), ref: 00007FF781716235
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1707611234-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF78171875D), ref: 00007FF781718903
                                                                                                                                                                                                                                                                        • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF78171875D), ref: 00007FF781718919
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1707611234-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF781723B72,?,?,?,00007FF781723BAF,?,?,00000000,00007FF781724075,?,?,00000000,00007FF781723FA7), ref: 00007FF78171B716
                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF781723B72,?,?,?,00007FF781723BAF,?,?,00000000,00007FF781724075,?,?,00000000,00007FF781723FA7), ref: 00007FF78171B720
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 588628887-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: DeleteErrorFileLast
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2018770650-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
Similarity
• API ID: DirectoryErrorLastRemove
• String ID:
• API String ID: 377330604-0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00007FF781708DE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF781702A9B), ref: 00007FF781708E1A
• _findclose.LIBCMT ref: 00007FF7817081A9
Memory Dump Source
• Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
Similarity
• API ID: ByteCharMultiWide_findclose
• String ID:
• API String ID: 2772937645-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
Similarity
• API ID: _fread_nolock
• String ID:
• API String ID: 840049012-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3947729631-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF78171C196,?,?,?,00007FF78171B35B,?,?,00000000,00007FF78171B5F6), ref: 00007FF78171F99D
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,?,?,00007FF781711514,?,?,?,00007FF781712A26,?,?,?,?,?,00007FF781714019), ref: 00007FF78171E3EA
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                        • Opcode ID: d8b55510c5610d80ab4c44b86d687719a9e038cf882b555fd49ed5282eff217e
                                                                                                                                                                                                                                                                        • Instruction ID: ef8a8993d6b94a487a23814ae79a6cb9596ff77e9a2045ea6bcd6c135f3b67a2
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d8b55510c5610d80ab4c44b86d687719a9e038cf882b555fd49ed5282eff217e
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9F05E10F1D28345FF1676615850A75D280BF4C7A0FAA0639DD2E862C3DEECE481C232
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: DirectoryErrorLastRemove
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 377330604-0
                                                                                                                                                                                                                                                                        • Opcode ID: 29abbcd590d8bc83be46253168ccef4893bb64efb014d6d51ae576ec86481027
                                                                                                                                                                                                                                                                        • Instruction ID: 33e68207f7a07d778f0edb95f07aa87a440992b9cf635e41c4bb5b5729ce1759
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 29abbcd590d8bc83be46253168ccef4893bb64efb014d6d51ae576ec86481027
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6841B916D1CB8541F710AB24D9012FCA3A0FBAD784FA1A336DB8D42297EF68A5D8C310
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: AddressProc
                                                                                                                                                                                                                                                                        • String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                                                        • API String ID: 190572456-4266016200
                                                                                                                                                                                                                                                                        • Opcode ID: 849092ee313d90182648ac5091f6841dd271f5938a0293141bcf3cafd9cdb4f6
                                                                                                                                                                                                                                                                        • Instruction ID: b3f0a3c8e44103619c4c2341fae0125d79bd0cc2b19f8b906a428a9a7bb9dcde
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 849092ee313d90182648ac5091f6841dd271f5938a0293141bcf3cafd9cdb4f6
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3129464A1AB4390FB15AB04EC64174A3A1FF1C795BF4507DD80F06366EFFDA549C221
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                        • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                                                        • Opcode ID: c804c22466df2b92b362f5d1d066b057dea08e8c29dc99d8cb90910c2247e431
                                                                                                                                                                                                                                                                        • Instruction ID: 45c7c4938d00f5189be8c845db58f77c49869df37d8d3876e81aac475d702b0e
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c804c22466df2b92b362f5d1d066b057dea08e8c29dc99d8cb90910c2247e431
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3B2F872F182C28BE7249F64D4407FCB7A1FB58344FA05179DA0F57A86DBB8A902CB50
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,00007FF781702A3E,?,?,?,?,?,?,?,?,?,?,?,00007FF78170101D), ref: 00007FF781708797
                                                                                                                                                                                                                                                                        • FormatMessageW.KERNEL32 ref: 00007FF7817087C6
                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32 ref: 00007FF78170881C
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7817029C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF781708AF2,?,?,?,?,?,?,?,?,?,?,?,00007FF78170101D), ref: 00007FF7817029F4
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7817029C0: MessageBoxW.USER32 ref: 00007FF781702AD0
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                                                                                        • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                                                                        • API String ID: 2920928814-2573406579
                                                                                                                                                                                                                                                                        • Opcode ID: 71548051bea7547f5d5b972cb2661fdb12455c7e02de19cea235076eba1ea75f
                                                                                                                                                                                                                                                                        • Instruction ID: b267085f6d108afee347b9f68012518ff7ef2d0649007a7217cea5ef410bb929
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71548051bea7547f5d5b972cb2661fdb12455c7e02de19cea235076eba1ea75f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5214131A18B4286F760AB15EC44679E3A5FF8C384FE4113DD64E426A6EFBCD545C720
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                                                                        • API String ID: 0-2665694366
                                                                                                                                                                                                                                                                        • Opcode ID: 63f3ffa9379e1e3dea1ad36e367ec88dcfea323b25a29ef61fa4fbcfb838a92b
                                                                                                                                                                                                                                                                        • Instruction ID: 9628528238e030895529f6d8756213cb23f33100af1f6984c5fc7f99bd224ead
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63f3ffa9379e1e3dea1ad36e367ec88dcfea323b25a29ef61fa4fbcfb838a92b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 64521772A147A68BD7A49F14C848B7E7BA9FB48340FA1413DE64A877C1DBBCD944CB10
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3140674995-0
                                                                                                                                                                                                                                                                        • Opcode ID: 4f1605a870b3ab58307638b90f69401c730c876d9dfa7ce500e329c816792819
                                                                                                                                                                                                                                                                        • Instruction ID: d7a5e2065b58a128237f25833c961d6b8cc49096bf45e0dc5e4047eb57d94f34
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f1605a870b3ab58307638b90f69401c730c876d9dfa7ce500e329c816792819
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6315072609B8186EB60AF60E8403EDB364FB98744F54403ADB4E47B96DF7CD649C724
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                        • Opcode ID: f3d77d60e417bce1f0fe908812719be64cab24703666754eed0168e01bd0a785
                                                                                                                                                                                                                                                                        • Instruction ID: 2e1c6b1e6c99545adb697be6ad63189738ac2e03c19abae62fbd47b3f0c1dd8b
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f3d77d60e417bce1f0fe908812719be64cab24703666754eed0168e01bd0a785
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A315432618B8186E760DF25E8412AEB3A4FB8C754FA40139EB9D43B56EF7CD545CB10
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2227656907-0
                                                                                                                                                                                                                                                                        • Opcode ID: d3b5a9ccb4e88c159cf9a045586edc927c7d7f7f2097a371a70039bbbe86ddba
                                                                                                                                                                                                                                                                        • Instruction ID: d454bdaff7c62d189e89e90a5d7f8f158358ac565b902c73463da650a841f5c9
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d3b5a9ccb4e88c159cf9a045586edc927c7d7f7f2097a371a70039bbbe86ddba
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1FB1DC11B1869641EB61FB2594001B9E360FB5CBE4FA4417AEE6E17BC6DFBCE442C310
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                        • Opcode ID: 9121cd0992376079c28b7b15cfb2bb882a77f2b3c78bb4ce64e2c22522254d02
                                                                                                                                                                                                                                                                        • Instruction ID: 6be31a520f797ee2387312a03a355814c94c6c8543f67d5b1fbd4baec60110d3
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9121cd0992376079c28b7b15cfb2bb882a77f2b3c78bb4ce64e2c22522254d02
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F115A22B18F018AEB00EF60E8442B873A4FB1D758F941E39DA2D827A5DFBCD155C390
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy_s
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1502251526-0
                                                                                                                                                                                                                                                                        • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                                                        • Instruction ID: 21eb54721a8741560c970bdf47dc4d77514bb182e1547c3f1a3f77d4153d533c
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70C10272B1C28687EB24DF19A04466AF791F78CB84FA48138DB4B43785DB7DE842CB00
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                                                                        • API String ID: 0-1127688429
                                                                                                                                                                                                                                                                        • Opcode ID: a8b055446104684f1ad95e328151202d31fdc591d47a14639da6131c49358b20
                                                                                                                                                                                                                                                                        • Instruction ID: 67be566cf307ce831f333fb5c6c7b6c53f66eb1bd3b4a67377e194873ff5683b
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a8b055446104684f1ad95e328151202d31fdc591d47a14639da6131c49358b20
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CDF1A172A183D58BE7A5AB14C888B3EBBA9FF48740F65413CDA4D47392CBB8E540C750
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 15204871-0
                                                                                                                                                                                                                                                                        • Opcode ID: 107d115b060fbd35a116a220a90c3f58689526778be32960ff8b0eb29206904d
                                                                                                                                                                                                                                                                        • Instruction ID: fad59886fda61074d54bcaba356777a5277aad071856ec89c372c44e4b7dba53
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 107d115b060fbd35a116a220a90c3f58689526778be32960ff8b0eb29206904d
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 01B1AE77A00B858BEB15CF29C84636CB7B0F748B48F258865DB9E83BA5CB79D452C710
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: $
                                                                                                                                                                                                                                                                        • API String ID: 0-227171996
                                                                                                                                                                                                                                                                        • Opcode ID: a4155c6fffaecf52a824239c2b6f37dbc1b24f1087258a4a4fa2a9ab421e67c4
                                                                                                                                                                                                                                                                        • Instruction ID: 68159de54fd5e34ec739708e8e3a6c1992867a4098c80b2ecc722cbea7369713
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a4155c6fffaecf52a824239c2b6f37dbc1b24f1087258a4a4fa2a9ab421e67c4
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AAE1C476A08642C2EB68AE25805013DB3A0FF4DB48FB6123DDE4F07796DF69E951C760
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                                                                        • API String ID: 0-900081337
                                                                                                                                                                                                                                                                        • Opcode ID: 7b159ed6ab11f424a85810e34fe73a423a8b15e185d016247a9cbb34ea0f7710
                                                                                                                                                                                                                                                                        • Instruction ID: c10216ccc617ad5d2c3b11b11c0b9fcd9da091a99db4740e6cacf93f84ccb0ce
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b159ed6ab11f424a85810e34fe73a423a8b15e185d016247a9cbb34ea0f7710
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C91A672A183C587E7A49B14D84CB3E7BA9FB48344F61413DEB4A47791CBB8E940CB10
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: e+000$gfff
                                                                                                                                                                                                                                                                        • API String ID: 0-3030954782
                                                                                                                                                                                                                                                                        • Opcode ID: b0eb00ec9cc72bcbd25ebaa9050c7cd18c6ed420f4824bc0d073d86035fcaeec
                                                                                                                                                                                                                                                                        • Instruction ID: 568acea1448d306d1d2c318aea152918937cc278171e394f5603e80ff50cfd4a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b0eb00ec9cc72bcbd25ebaa9050c7cd18c6ed420f4824bc0d073d86035fcaeec
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53518822B182C146E7259E399801B69EB91F74CB94FE9823ACB9C47AC2CFBDD444C710
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1010374628-0
                                                                                                                                                                                                                                                                        • Opcode ID: efa432ee43361794d79c056ee1414f46ce0334394006416f597bcb3974c6ee8b
                                                                                                                                                                                                                                                                        • Instruction ID: f73b01f9b4b0bafcd9aabdc4214966a9e1e5ccc158d0db82f29dab10749b23e5
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: efa432ee43361794d79c056ee1414f46ce0334394006416f597bcb3974c6ee8b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8902AE25A0D68641FB15BB219800279A2A4FF0DBA0FB9467DDD6E477D3DEFCA442C320
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: gfffffff
                                                                                                                                                                                                                                                                        • API String ID: 0-1523873471
                                                                                                                                                                                                                                                                        • Opcode ID: ce984bed762576d5ac079d260fe98dbb5d2c0c9497d8241e3c95b971abe0b5e7
                                                                                                                                                                                                                                                                        • Instruction ID: 3dc31c564a335c6586074d7ffd1e9c9d060451a6d23954f59850fa08644c06cd
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce984bed762576d5ac079d260fe98dbb5d2c0c9497d8241e3c95b971abe0b5e7
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 55A17B63B087C586EB22DB25A400BBDB791FB58B84F668036DE8D47782DE7DD501C721
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID: TMP
                                                                                                                                                                                                                                                                        • API String ID: 3215553584-3125297090
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        • Instruction ID: 77ae9219666e5e4fb110bc9937b3e0c08fcd3ce75a5fe8e2383c907d34b38b53
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dde3b387bb0edac5d3a7572aaf71fcdce3ba0ac9d1c4353072e234eccf42a557
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0681F372A0C78146E774EF19A04037AFA91FB89794FA54239DA9D43B9ACF7CD404CB10
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                        • Opcode ID: 9914cb7746023329a97bf4181aa287deee78f55ee5d35b62d6e15dbc326fdfe6
                                                                                                                                                                                                                                                                        • Instruction ID: 6b6ab34f4d264a963931c225d43b3f927ee8a0b1a19decac2f2dcea237eea2a3
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9914cb7746023329a97bf4181aa287deee78f55ee5d35b62d6e15dbc326fdfe6
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9461EA22E1818246F774AA288554679F682FF68360FB5067DD61FC67D3DEEDE802C720
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 3986d2e28db3ad4c814196551e744b7f12e089580c78501851383343d29f5119
                                                                                                                                                                                                                                                                        • Instruction ID: 4906366c1451b54458e193bea274aca52d65d45b64a3d7bf0a5608358ca695b8
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3986d2e28db3ad4c814196551e744b7f12e089580c78501851383343d29f5119
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C51A332A1865186E7249B29C04027CB3B0FB5DB68F764139CE4D17796EBBAEC43C750
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 431273df7c005eff8b086499786a7f8af66af839407972891033f6f8b32510fa
                                                                                                                                                                                                                                                                        • Instruction ID: 896a15eeb27c2443effee9505280dd47664ef932410785851f187e9ba6633a4f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 431273df7c005eff8b086499786a7f8af66af839407972891033f6f8b32510fa
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9151A272B18A5186E7349F28C040238B3A1FB58B68F764139CE4C17796EFBAE843C750
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 0a7def00a57181835e1b5755574f212d41c435eb46ac8bcc91c00ca4f50edce3
                                                                                                                                                                                                                                                                        • Instruction ID: aca24c541bb2a4ead551bd5aab24b651b678338ad244cd361a39d13bd0421c99
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a7def00a57181835e1b5755574f212d41c435eb46ac8bcc91c00ca4f50edce3
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F151C436A1865186E7249B29C040239B3A0FB5DB68F764139DF4C077D6EBBAEC43C750
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 588628887-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 0e964e0879812776301290bf3608c59f303cc439457e9edc2df0719adb6d9b81
                                                                                                                                                                                                                                                                        • Instruction ID: 111b65569327a35e11e3fdc368ac1b8a6bcfcc38edb46ea772f42d3e7e30fefe
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e964e0879812776301290bf3608c59f303cc439457e9edc2df0719adb6d9b81
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB319332A08B4241E724AF25684016EF695FB89BE0F79423DEA5E57BDADF7CD002C614
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: c3f3f1020485e8a41a296fc930dbc96221e618d45f39aaa63d951921bdf06b5a
                                                                                                                                                                                                                                                                        • Instruction ID: f54c2ff1053a66585e117b875aed4944ce64c4a488e891e0184e2fdd14b4c500
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c3f3f1020485e8a41a296fc930dbc96221e618d45f39aaa63d951921bdf06b5a
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4F06871B182558ADBA89F29B40262977E0F74C380F90843DD58D87B04DA7C9065DF14
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: b04046989d87c8dc885ed01c2b3f2aaa9c0b13633c97905e42662c4d2108a614
                                                                                                                                                                                                                                                                        • Instruction ID: ac3a3ea1993b594c12538df16140797c18d8b09d123da7b293b8c8b0b34a8bf3
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b04046989d87c8dc885ed01c2b3f2aaa9c0b13633c97905e42662c4d2108a614
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9AA001A1908A42D0E744AB00A852021A324FB69308BB100BAD11E514A2DEBCA581C220
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: AddressProc
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                                                        • API String ID: 190572456-2208601799
                                                                                                                                                                                                                                                                        • Opcode ID: e7edea845a9f5d5bc22b5b56991a1be592abbf01ed24a972618679d5ebca8c04
                                                                                                                                                                                                                                                                        • Instruction ID: 61a1dfcf5ed3c646260499e11304e016140b0cc7bdbc24af53a79abe1a8342d9
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e7edea845a9f5d5bc22b5b56991a1be592abbf01ed24a972618679d5ebca8c04
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B9E1E560A1DB0391FB58AB04AC80574A3A2FF6C780BF414BDD84E463A6EFFDA545C271
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Message_fread_nolock
                                                                                                                                                                                                                                                                        • String ID: %s%c%s$Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$\$fread$fseek$malloc
                                                                                                                                                                                                                                                                        • API String ID: 3065259568-2316137593
                                                                                                                                                                                                                                                                        • Opcode ID: 1210a00c1f94fad8fc04b6ce9bb113bc3664f50aa28bba14dd920580c1eeaaf8
                                                                                                                                                                                                                                                                        • Instruction ID: 66237e5ba23cf15aae47889cb3f11a55d841dd7fbcb3e8a70908a46031293faf
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1210a00c1f94fad8fc04b6ce9bb113bc3664f50aa28bba14dd920580c1eeaaf8
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3516E61B0878285EB20B711A8512BAE394FF487D4FE14039EA4E47B97EEECE545C710
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                                                        • String ID: P%
                                                                                                                                                                                                                                                                        • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                                                        • Opcode ID: 5b6577cad5280a8981d528861e2ae7c646745b175b361903b18278a3a03fe9da
                                                                                                                                                                                                                                                                        • Instruction ID: 4aa14a68049bed1e7c0dbb013a9f7b09a6ddc868a5e845a5beb8f99ada943952
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5b6577cad5280a8981d528861e2ae7c646745b175b361903b18278a3a03fe9da
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0511326608BA186D734AF22A4181BAF7A1FBACB65F104125EFCF43685DF7CD045CB20
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID: -$:$f$p$p
                                                                                                                                                                                                                                                                        • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                                                        • Opcode ID: d41d3ed49e0df0b37e7753a00fe59ce424ede8ed11cb6504f669504b003b63f2
                                                                                                                                                                                                                                                                        • Instruction ID: dffa5533deeed1ecee9165acc6113a1339cdca3410527ff64bcd12609b052e0b
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d41d3ed49e0df0b37e7753a00fe59ce424ede8ed11cb6504f669504b003b63f2
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A12C935E0C28386FB25BB14D045679F662FB48750FE54139EA8A876C6DFBCE580DB20
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID: f$f$p$p$f
                                                                                                                                                                                                                                                                        • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                                                        • Opcode ID: d738f100ea2c585e80d131aafbe2a69e2e0acbd3b76fe5cf90b2b638373c2978
                                                                                                                                                                                                                                                                        • Instruction ID: ca54b3cf1193dcee932896ed8fe8374123421582a9b728f961375d778f5f5af4
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d738f100ea2c585e80d131aafbe2a69e2e0acbd3b76fe5cf90b2b638373c2978
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD12BA72E0D18385FB24BE25E044279F662FB98750FE64139D6994B6C6DFBCE580CB20
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                                        • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                                                                        • Opcode ID: 055c0791b7c5e2d5d4c785f8718b954980404b550ce72f718d0a3cf241bc7f5d
                                                                                                                                                                                                                                                                        • Instruction ID: 3d17a385109f90f1adc3b70909401e19d97a1bf2784975125c54ab11bcea8144
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 055c0791b7c5e2d5d4c785f8718b954980404b550ce72f718d0a3cf241bc7f5d
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D315221B4864286EB24FB11AC505BAE391FB587D4FE84039DA4E07A97EEBCE546C710
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                        • API String ID: 849930591-393685449
                                                                                                                                                                                                                                                                        • Opcode ID: 0e2dbf0607b23b863384daf6af73d36f13a88af7ca772ada99fba3557138c94c
                                                                                                                                                                                                                                                                        • Instruction ID: 6b14ba31cf263908019cd4d5ba3997ee4f536063cb8b66093ffa86c6d84b9f5f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e2dbf0607b23b863384daf6af73d36f13a88af7ca772ada99fba3557138c94c
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D6D1A332A0874286EB20EF65D8402ADB7A0FB49798FA01139EE8D57B57DF78E491C711
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF78170101D), ref: 00007FF781708A47
                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF78170101D), ref: 00007FF781708A9E
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                        • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00007FF7817039CA), ref: 00007FF781708F31
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7817029C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF781708AF2,?,?,?,?,?,?,?,?,?,?,?,00007FF78170101D), ref: 00007FF7817029F4
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7817029C0: MessageBoxW.USER32 ref: 00007FF781702AD0
                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00007FF7817039CA), ref: 00007FF781708FA5
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                                                        • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo$_fread_nolock
                                                                                                                                                                                                                                                                        • String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF78170E67A,?,?,?,00007FF78170D5AC,?,?,?,00007FF78170D1A1), ref: 00007FF78170E44D
                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF78170E67A,?,?,?,00007FF78170D5AC,?,?,?,00007FF78170D1A1), ref: 00007FF78170E45B
                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF78170E67A,?,?,?,00007FF78170D5AC,?,?,?,00007FF78170D1A1), ref: 00007FF78170E485
                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF78170E67A,?,?,?,00007FF78170D5AC,?,?,?,00007FF78170D1A1), ref: 00007FF78170E4F3
                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF78170E67A,?,?,?,00007FF78170D5AC,?,?,?,00007FF78170D1A1), ref: 00007FF78170E4FF
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781708DE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF781702A9B), ref: 00007FF781708E1A
                                                                                                                                                                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF781707BB1,00000000,?,00000000,00000000,?,00007FF78170153F), ref: 00007FF78170768F
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781702B10: MessageBoxW.USER32 ref: 00007FF781702BE5
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7817076EA
                                                                                                                                                                                                                                                                        • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7817076A3
                                                                                                                                                                                                                                                                        • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF781707666
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                                                        • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                                                                        • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                                                                        • Opcode ID: 9bfcf0b62ea921097bc7abb589b6718567d9e6fafddd2668cb98e057143b44d0
                                                                                                                                                                                                                                                                        • Instruction ID: 440e3249b280a0732c2f1e85af3aee83de620eb00f2357d66a9b7d9f870fa050
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9bfcf0b62ea921097bc7abb589b6718567d9e6fafddd2668cb98e057143b44d0
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA316051B1874240FB64B725DD552BAE391BFAC7C0FE4043ADA4E827D7EEACE505C620
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF781702A9B), ref: 00007FF781708E1A
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7817029C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF781708AF2,?,?,?,?,?,?,?,?,?,?,?,00007FF78170101D), ref: 00007FF7817029F4
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7817029C0: MessageBoxW.USER32 ref: 00007FF781702AD0
                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF781702A9B), ref: 00007FF781708EA0
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                                                        • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                                                        • API String ID: 3723044601-876015163
                                                                                                                                                                                                                                                                        • Opcode ID: 7f97f1849ec178b0ff8ea583991b98c80d8c160445cd7602e716bcd8403426a8
                                                                                                                                                                                                                                                                        • Instruction ID: 7f3f9340792afce09a6425316f149d32d41b37d0619308e8bfd62737ea9879da
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f97f1849ec178b0ff8ea583991b98c80d8c160445cd7602e716bcd8403426a8
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F215322F18A4281FB50EB29F840069E3A1FB8C7C4FA84579DB5D53B6AEE7CD541C710
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                        • Opcode ID: 54b775f8dcc7592bd86d56be8aaa54ab235b08f202956fce910fbbd8e275d41b
                                                                                                                                                                                                                                                                        • Instruction ID: 428e040d3f1d22bf5c5d985c2e7a727a5b417610e4985e0283a83b7a45ce6438
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 54b775f8dcc7592bd86d56be8aaa54ab235b08f202956fce910fbbd8e275d41b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 81216A20A0C60242FB687731A651179E17ABF4D7B0FF6063DEA3E476C7DEADA441C620
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                        • String ID: CONOUT$
                                                                                                                                                                                                                                                                        • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                                        • Opcode ID: 56c47cfc8464f7969a639e7ce3d60490623cf8b9b00151c5924cedcf2ef07519
                                                                                                                                                                                                                                                                        • Instruction ID: a25e937643ae0bc0efd152c331d1844f0335be8e57b0276af1235ff8bfab24ee
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 56c47cfc8464f7969a639e7ce3d60490623cf8b9b00151c5924cedcf2ef07519
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E119321B18A4186F350AB12E844329A2A0FB9CFE4FA40238DE1E877A5CFBCD545C754
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF781715CBD,?,?,?,?,00007FF78171F9AF,?,?,00000000,00007FF78171C196,?,?,?), ref: 00007FF78171C087
                                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF781715CBD,?,?,?,?,00007FF78171F9AF,?,?,00000000,00007FF78171C196,?,?,?), ref: 00007FF78171C0BD
                                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF781715CBD,?,?,?,?,00007FF78171F9AF,?,?,00000000,00007FF78171C196,?,?,?), ref: 00007FF78171C0EA
                                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF781715CBD,?,?,?,?,00007FF78171F9AF,?,?,00000000,00007FF78171C196,?,?,?), ref: 00007FF78171C0FB
                                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF781715CBD,?,?,?,?,00007FF78171F9AF,?,?,00000000,00007FF78171C196,?,?,?), ref: 00007FF78171C10C
                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,00007FF781715CBD,?,?,?,?,00007FF78171F9AF,?,?,00000000,00007FF78171C196,?,?,?), ref: 00007FF78171C127
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                        • Opcode ID: 1d6d34f25b4e15651fb5ef4073e48a7136f047fe8116dc42d62c874e1d236ac0
                                                                                                                                                                                                                                                                        • Instruction ID: 7ad9453c6e16213c0334060f76b835f4ad9517a30d9a80e0fcae9f5f156e2004
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d6d34f25b4e15651fb5ef4073e48a7136f047fe8116dc42d62c874e1d236ac0
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8115B20A0CA4242FB54B771AA51179E162BF4E7B0FF5073DE93E476C7DEACA441C224
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                                                        • String ID: Unhandled exception in script
                                                                                                                                                                                                                                                                        • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                                                        • Opcode ID: 035139a28c932b525dc7cac8fcdac5569ee169202821a797d5d04823a4addf63
                                                                                                                                                                                                                                                                        • Instruction ID: 4c92e3b0374f58fcea0244910cb9d7ec349e3ad4332834635fb075ffe30e4650
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 035139a28c932b525dc7cac8fcdac5569ee169202821a797d5d04823a4addf63
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A315036A08A8285EB24EB21E8551F9B360FF8D784FA40139EA4E4BB56DF7CD145C710
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF781708AF2,?,?,?,?,?,?,?,?,?,?,?,00007FF78170101D), ref: 00007FF7817029F4
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781708770: GetLastError.KERNEL32(00000000,00007FF781702A3E,?,?,?,?,?,?,?,?,?,?,?,00007FF78170101D), ref: 00007FF781708797
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781708770: FormatMessageW.KERNEL32 ref: 00007FF7817087C6
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781708DE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF781702A9B), ref: 00007FF781708E1A
                                                                                                                                                                                                                                                                        • MessageBoxW.USER32 ref: 00007FF781702AD0
                                                                                                                                                                                                                                                                        • MessageBoxA.USER32 ref: 00007FF781702AEC
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                                                                        • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                                                        • API String ID: 2806210788-2410924014
                                                                                                                                                                                                                                                                        • Opcode ID: e540fe95cbcf3c4f9a9ac735379b1c9e9ae60ded60aea03e9d716fb219e4d584
                                                                                                                                                                                                                                                                        • Instruction ID: 2bb170ba91afa9e0c99c1535197491e6e8ad037e96efeac53cc5ce5f02be4dc0
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e540fe95cbcf3c4f9a9ac735379b1c9e9ae60ded60aea03e9d716fb219e4d584
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94316672628B8181E730EB10E8516EAA364FF987C4FD0413AEA8D03A5ADF7CD745CB50
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                        • Opcode ID: 2230a043baf354bfbc53885d3c0454218b923bdff90d2529a0827c645eda448d
                                                                                                                                                                                                                                                                        • Instruction ID: e7fac6c960adb34be96ecc98ca9f6b8fb104f80ac360e0fb6e6e36ed9adc53f1
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2230a043baf354bfbc53885d3c0454218b923bdff90d2529a0827c645eda448d
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C2F0C861B0964281FB20AB24E445335A320FF9C755FF4063DDA6E451E5CF6CE04AC360
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
Similarity
• API ID: _set_statfp
• String ID:
• API String ID: 1156100317-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• FlsGetValue.KERNEL32(?,?,?,00007FF78171B35B,?,?,00000000,00007FF78171B5F6,?,?,?,?,?,00007FF7817138BC), ref: 00007FF78171C15F
• FlsSetValue.KERNEL32(?,?,?,00007FF78171B35B,?,?,00000000,00007FF78171B5F6,?,?,?,?,?,00007FF7817138BC), ref: 00007FF78171C17E
• FlsSetValue.KERNEL32(?,?,?,00007FF78171B35B,?,?,00000000,00007FF78171B5F6,?,?,?,?,?,00007FF7817138BC), ref: 00007FF78171C1A6
• FlsSetValue.KERNEL32(?,?,?,00007FF78171B35B,?,?,00000000,00007FF78171B5F6,?,?,?,?,?,00007FF7817138BC), ref: 00007FF78171C1B7
• FlsSetValue.KERNEL32(?,?,?,00007FF78171B35B,?,?,00000000,00007FF78171B5F6,?,?,?,?,?,00007FF7817138BC), ref: 00007FF78171C1C8
Similarity
• API ID: Value
• String ID:
• API String ID: 3702945584-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
• API ID: Value
• String ID:
• API String ID: 3702945584-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: verbose
• API String ID: 3215553584-579935070
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: UTF-16LEUNICODE$UTF-8$ccs
• API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                                                        • Opcode ID: de4b53a7bd72cc9a75fc72bdb9aa8b7520de62a16ef0f4afa2e89dc7587c8b22
                                                                                                                                                                                                                                                                        • Instruction ID: 4b1b5fc3b713405b58e382909786cfb808c594238a065bea1f016831eacf414d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de4b53a7bd72cc9a75fc72bdb9aa8b7520de62a16ef0f4afa2e89dc7587c8b22
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EE81A3B5D0834285F7756E2981502B8B6A0FB19B48FF5407DCA0B57296DBBCF483D231
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                                        • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                                                        • Opcode ID: 81dbbe3a269521ccb6618414f5b7d9ba6a400a48ab9a514a04d3b64c82b69e43
                                                                                                                                                                                                                                                                        • Instruction ID: fcd642038730629fbe4a2fd0cd2a114ded22cf02f1bd4b5165691095abc79e97
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81dbbe3a269521ccb6618414f5b7d9ba6a400a48ab9a514a04d3b64c82b69e43
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6251AB32B197018ADB14EF15E84467DB3A1FB48B94FA18139DA4E4778AEFBDE841C710
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                                                                                                                        • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                                        • Opcode ID: 93010d95ed42164ec617659bf15c462d53d81a38e330ec23f798dc78275aa1b2
                                                                                                                                                                                                                                                                        • Instruction ID: 8a91eb2d5efcbe60462f78708f0ec3775916d80d670a90247bc6b54b17361c70
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93010d95ed42164ec617659bf15c462d53d81a38e330ec23f798dc78275aa1b2
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F861A672908BC582E760AF15E8407A9F7A0FB89794F544239EB8D43B96DFBCD190CB10
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                                                                                                                        • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                                        • Opcode ID: 7fe73a2a5521307b3718a11731218a5d657cd704d90c9c291f237acf2a87c54e
                                                                                                                                                                                                                                                                        • Instruction ID: ec73e81ff4ca48d2061cca6e04cbb0bd376f448f2de3943018f3c79ac29db4be
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7fe73a2a5521307b3718a11731218a5d657cd704d90c9c291f237acf2a87c54e
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9251A23290874287EB64AF119854369B7A0FB58B88FA4413ADE9D47BC7CFBCE491C750
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                                        • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                                                        • API String ID: 1878133881-2410924014
                                                                                                                                                                                                                                                                        • Opcode ID: bd3b1ec170c9362c6821fd135409a0077202d763314442d1f4ebee1409f7e8bb
                                                                                                                                                                                                                                                                        • Instruction ID: 18352675a5605e32c7a29ebeb14a43b8906dc898b3b82c7535f157fc0c5aa42d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd3b1ec170c9362c6821fd135409a0077202d763314442d1f4ebee1409f7e8bb
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4731647262868281E720FB10E4516EAE3A4FF987C4FD0413AE68D47A9ADF7CD745CB50
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF781708DE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF781702A9B), ref: 00007FF781708E1A
                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,?,?,00007FF781703FB9,?,00007FF7817039CA), ref: 00007FF7817043A8
                                                                                                                                                                                                                                                                        • GetFinalPathNameByHandleW.KERNEL32(?,?,00007FF781703FB9,?,00007FF7817039CA), ref: 00007FF7817043C8
                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,00007FF781703FB9,?,00007FF7817039CA), ref: 00007FF7817043D3
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Handle$ByteCharCloseCreateFileFinalMultiNamePathWide
                                                                                                                                                                                                                                                                        • String ID: \\?\
                                                                                                                                                                                                                                                                        • API String ID: 2226452419-4282027825
                                                                                                                                                                                                                                                                        • Opcode ID: 73aa29fffb20bf18054ec36f2ff632c499c886adceaf3567ccea49c9f56a016a
                                                                                                                                                                                                                                                                        • Instruction ID: 6a9de38f23113833c20692d54f512fd34b41239847ca6805b1c6131c67b20b23
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73aa29fffb20bf18054ec36f2ff632c499c886adceaf3567ccea49c9f56a016a
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3921E172B0865145E720EB21F8447AAA351FB8C7D4F900239EF4E43A96DFBCD549CB10
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2718003287-0
                                                                                                                                                                                                                                                                        • Opcode ID: f3307fa9b22cd1c245fea77c51432e5876b76cda8032067fabe2ab74fde9908f
                                                                                                                                                                                                                                                                        • Instruction ID: 029fc3a6a85a6ccbdb3ebc84248ecd8f85c0d92eccf44b737378862f1924e6b6
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f3307fa9b22cd1c245fea77c51432e5876b76cda8032067fabe2ab74fde9908f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4AD12272B08A8189E710DF75C4442ECB7B2FB487D8BA54239DE5E97B8ADE78D406C710
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1956198572-0
                                                                                                                                                                                                                                                                        • Opcode ID: c8ffd58409c2a817e2eafc26a907e7367a815fa90807bfabd45e1aee5e5800ec
                                                                                                                                                                                                                                                                        • Instruction ID: 408645fd7eeb35849932e81103c81c98fa64847ee48e4ddf824a800b132c73c5
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8ffd58409c2a817e2eafc26a907e7367a815fa90807bfabd45e1aee5e5800ec
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87118622A0824242F754A769E9442B9D351FF9CB80FE48039DA4D06B9BCDACE585C610
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID: ?
                                                                                                                                                                                                                                                                        • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                                                        • Opcode ID: f890908d659084ad7121073ce0088269a90ad82ae80dac5e2e3914c615d8a80e
                                                                                                                                                                                                                                                                        • Instruction ID: d04a996f6c70d70f8f57c2f71465e02089abc5b3feff87c5aede9a7cb8e3904a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f890908d659084ad7121073ce0088269a90ad82ae80dac5e2e3914c615d8a80e
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E41EA12A0828245FB647B15A401779A660FB887A5F74427EFF5E06AD7DE7CD442C710
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF781719DFA
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF78171B700: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF781723B72,?,?,?,00007FF781723BAF,?,?,00000000,00007FF781724075,?,?,00000000,00007FF781723FA7), ref: 00007FF78171B716
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF78171B700: GetLastError.KERNEL32(?,?,?,00007FF781723B72,?,?,?,00007FF781723BAF,?,?,00000000,00007FF781724075,?,?,00000000,00007FF781723FA7), ref: 00007FF78171B720
                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF78170C335), ref: 00007FF781719E18
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ErrorFileLanguagesLastModuleNamePreferredRestoreThread_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\purchaseorder4.exe
                                                                                                                                                                                                                                                                        • API String ID: 2553983749-1322668137
                                                                                                                                                                                                                                                                        • Opcode ID: c42a6c659c5db1ae71af4eb7c2a93e6566414c7d452b3721f18450dfb04df98c
                                                                                                                                                                                                                                                                        • Instruction ID: c47130a0381b41eeb525e06d724a78872f9116e1b06cd0b40e38df44b64ec54c
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c42a6c659c5db1ae71af4eb7c2a93e6566414c7d452b3721f18450dfb04df98c
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF419376A0871285E715FF25D4400B8A3A5FB4D7D4BE6403EEA4E47B46DE7CE582C360
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                                                                                        • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                                        • Opcode ID: 76bc1a38fdffd9ebe3e6e71a83b0ba687688a06d9a48e83c019cb8b3d6fff0c8
                                                                                                                                                                                                                                                                        • Instruction ID: 9f48fb30ab69df03fe75ddf797a844a888e798ef4f71c1f67175a725e5f38ae5
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76bc1a38fdffd9ebe3e6e71a83b0ba687688a06d9a48e83c019cb8b3d6fff0c8
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F41C322A18A8181DB20EF25E8443A9A760FB887C4F914139EE4E87759EF7CD541CB50
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CurrentDirectory
                                                                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                                                                        • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                                                        • Opcode ID: d9863b25c12ac0fefb21a7bf7c484e36ee931251d3e87798423fc60bfb7291bd
                                                                                                                                                                                                                                                                        • Instruction ID: a9750a5372dbfa6d4cbcf881deb7834fc47c8c1488aac37b4d4b4dccbfc60d3b
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d9863b25c12ac0fefb21a7bf7c484e36ee931251d3e87798423fc60bfb7291bd
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A421A522A0868181EB24AB15D44426DB3B1FB8CB84FF5413DDA8E47686DFBCD946C761
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                                        • String ID: Fatal error detected
                                                                                                                                                                                                                                                                        • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                                                                        • Opcode ID: cc7983d7ddd1ca4fe6b0e820e7fb498cdab092a0274b8afa64f738c4e3f04b3b
                                                                                                                                                                                                                                                                        • Instruction ID: ab46e69ab791a5cc23521a4b7ff2873f2a77d685023bce6bb6520ac5d1f57643
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc7983d7ddd1ca4fe6b0e820e7fb498cdab092a0274b8afa64f738c4e3f04b3b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71218672628B8191E720EB10E8516EAF354FF98788FD0113AE78D47A6ADF7CD245CB10
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                                        • String ID: Error detected
                                                                                                                                                                                                                                                                        • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                                                                        • Opcode ID: 339977713d7da472da6bf6cde3ee098e7c711e0ac5788cc03ff0aed866900f2e
                                                                                                                                                                                                                                                                        • Instruction ID: 6105565633385ebf43f16705abf70cf3bb909ff9fc2af635c3f1e2680ad307c5
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 339977713d7da472da6bf6cde3ee098e7c711e0ac5788cc03ff0aed866900f2e
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E21747262868181E720EB10F8516EAE354FF9C788FD0113AE68D47A5ADF7CD245CB50
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
• Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                                        • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                                        • Opcode ID: fd7208e01f832ae2c3cc6aa9bb96c2aefef2cc6e58d8a602234d9daac72df826
                                                                                                                                                                                                                                                                        • Instruction ID: 7673952615c28cf586acd8770e31a56322cbaec4768adf150fdffed6fa6a2724
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd7208e01f832ae2c3cc6aa9bb96c2aefef2cc6e58d8a602234d9daac72df826
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14115B32608B8182EB209B15F40026AB7E1FB9CB84FB94634DA8D07766DF7CC551CB00
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2400807299.00007FF781701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF781700000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400778030.00007FF781700000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400849790.00007FF78172C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF78173F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400882564.00007FF781741000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2400934752.00007FF781743000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff781700000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                                                                        • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                                                        • Opcode ID: b3a001ff98c302286219bbad5be65c90682500455353c0d2fccc423422cbb122
                                                                                                                                                                                                                                                                        • Instruction ID: f3c002980a6a5e622fbce95a246e7c86cfe9f6490bb431ec6702497990d849a1
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b3a001ff98c302286219bbad5be65c90682500455353c0d2fccc423422cbb122
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0201B12191C64286E720BF61945127AE3A0FF4C744FF4057DD54E46296EEACD505CA30
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                        Execution Coverage:1.2%
                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                                                                        Total number of Nodes:426
                                                                                                                                                                                                                                                                        Total number of Limit Nodes:48
Memory Dump Source
• Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: C$C$C$C$always$aolf$bolb$bolc$buod$duplicate column name: %s$generated$laer$rahc$too many columns on %s$txet
                                                                                                                                                                                                                                                                        • API String ID: 0-2777911791
                                                                                                                                                                                                                                                                        • Opcode ID: 931c3efa3d57d27f9a5f078952d0e46333348eec072af9129c602e63b03e6d6c
                                                                                                                                                                                                                                                                        • Instruction ID: ec42f0ce436623ef49ad9efe037efbfd1cd13a978a1d625c3e3acb28923c9a59
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 931c3efa3d57d27f9a5f078952d0e46333348eec072af9129c602e63b03e6d6c
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A124462E0E6D2A5EF698B2590607B93BD1EB517C4F548032DA9E872C1DF3CD4E1C728
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy$memset
                                                                                                                                                                                                                                                                        • String ID: database schema is locked: %s$out of memory$statement too long
                                                                                                                                                                                                                                                                        • API String ID: 438689982-1046679716
                                                                                                                                                                                                                                                                        • Opcode ID: cee6958ed2d341b78b1a96b9300467cf5085ba834bfbaaeef5a04b714906b51f
                                                                                                                                                                                                                                                                        • Instruction ID: 51bfe580b97911191066609d1bad4ab88bf8ea7f0fbf52ebe88a57c71fc049d4
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cee6958ed2d341b78b1a96b9300467cf5085ba834bfbaaeef5a04b714906b51f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 17029F22A0A682AAEF69DF2194507B9A7A0FB55BC4F084135DF4D077D5DF7CE4A0C328
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memset$CreateFile
                                                                                                                                                                                                                                                                        • String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
                                                                                                                                                                                                                                                                        • API String ID: 333288564-3829269058
                                                                                                                                                                                                                                                                        • Opcode ID: 02fe53ef66c887b033a51c45fdd9431cb64e4c276c082006cc8d896bd139607b
                                                                                                                                                                                                                                                                        • Instruction ID: 4425adf43c794592ea93cda154d934681e51eea560426ac73a420a31bb43be47
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02fe53ef66c887b033a51c45fdd9431cb64e4c276c082006cc8d896bd139607b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5332F321E0FA42A6FF659B20A45477963A0FF45BE0F044635DB5E022D1EFBCE495CB28
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpystrcmp
                                                                                                                                                                                                                                                                        • String ID: :memory:
                                                                                                                                                                                                                                                                        • API String ID: 4075415522-2920599690
                                                                                                                                                                                                                                                                        • Opcode ID: f25ff8cd9ba180516d404832cbec9025415c742485377cc6bd8f8a15eebae620
                                                                                                                                                                                                                                                                        • Instruction ID: c8b501f75aa1f53d74200139c502f10afe12b1f430f6c11e9f249d3321e22549
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f25ff8cd9ba180516d404832cbec9025415c742485377cc6bd8f8a15eebae620
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0542AA22E4A782A2FFA59B21955077927A0FF94BC4F044139DA4E277D0DF3CE4A0C728
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,00007FF8A80DE1FC,?,?,?,?,00007FF8A8028ABD,?,?,?,?,00007FF8A8055AA7), ref: 00007FF8A802FED8
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: InfoSystem
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 31276548-0
                                                                                                                                                                                                                                                                        • Opcode ID: 2ee4342b15a73cf515a198ee26b50fac196a910b5e623ee29fdfc80da0576b31
                                                                                                                                                                                                                                                                        • Instruction ID: 5125335d5ab59064f14043385aa7b56c0abc0a8b4d5a1e48af8dbb638e9432b1
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2ee4342b15a73cf515a198ee26b50fac196a910b5e623ee29fdfc80da0576b31
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8FA10621E0BB07A5FEAA9B56A85163422E1FF15BC4F040939CA5D077E0EF7CE560C768
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy$memsetstrcmp
                                                                                                                                                                                                                                                                        • String ID: -journal$immutable$nolock
                                                                                                                                                                                                                                                                        • API String ID: 3047042315-4201244970
                                                                                                                                                                                                                                                                        • Opcode ID: 48c76c1c9095f689be085474d7e73e6d748f5e27493cbd8479e3f13eab1714e4
                                                                                                                                                                                                                                                                        • Instruction ID: 6db8f151e20285f1aa5eafffa59fac0eebbb031aedc641b300597cbc21a852e6
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48c76c1c9095f689be085474d7e73e6d748f5e27493cbd8479e3f13eab1714e4
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2452B466A0A786A6EF668B26945037977A0FF45BE4F044634CA6E037D1DF3CE474C328
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24$invalid$misuse$unopened
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-2244559125
                                                                                                                                                                                                                                                                        • Opcode ID: 45c61ccb2c330ff7879461c7eb0ca629041ca64585da89c9ea326487586ae3c0
                                                                                                                                                                                                                                                                        • Instruction ID: 2d02191663c826cce83baad1a92ab8d43557edd2d84a466be74150010fab581d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 45c61ccb2c330ff7879461c7eb0ca629041ca64585da89c9ea326487586ae3c0
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5322B932A0BA42A6EE6A9B11A4547B933A5FF44BD4F184135DE4E073D4DF3CE861C328
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: CREATE TABLE x(type text,name text,tbl_name text,rootpage int,sql text)$SELECT*FROM"%w".%s ORDER BY rowid$ase$sqlite_master$sqlite_temp_master$table
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-879093740
                                                                                                                                                                                                                                                                        • Opcode ID: d73961a00c41aa7d0796a7b8da26cb91ced617b1d1012d60a934d5dc463bee6a
                                                                                                                                                                                                                                                                        • Instruction ID: 07b6592712cb0aec58a832d128fffe98894b0f10eecf826df411eaf22d3409e1
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d73961a00c41aa7d0796a7b8da26cb91ced617b1d1012d60a934d5dc463bee6a
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 41E1AC22E0AA92A6FB11CB2581402BD67A5FB65BD8F054235CE8E177D1DF38E461C368
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy$FileReadmemset
                                                                                                                                                                                                                                                                        • String ID: delayed %dms for lock/sharing conflict at line %d$winRead
                                                                                                                                                                                                                                                                        • API String ID: 2051157613-1843600136
                                                                                                                                                                                                                                                                        • Opcode ID: 5795c4c460f43af0e08c20558cf91eca1fca338dd519bb9f69572c6e71e13f00
                                                                                                                                                                                                                                                                        • Instruction ID: d7061cf10ebcd19ab92fbd05955f2b78ff93a3450aa3c804818fa8c6a243d80e
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5795c4c460f43af0e08c20558cf91eca1fca338dd519bb9f69572c6e71e13f00
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50413732A0AA42A6EB10DF19E8405BA77A5FF54BC0F460036EB4D83790EF7CE495C758
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
                                                                                                                                                                                                                                                                        • API String ID: 0-2551159147
                                                                                                                                                                                                                                                                        • Opcode ID: ba738d91b7b18cfe5946a2c4883e3a5e109154c5a3efbfe4252b9f65d12e370e
                                                                                                                                                                                                                                                                        • Instruction ID: 5b6bdaa7be91ecdc74a1bc45f25063f84bb7a37e1cc577b684a789ce3a87cded
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba738d91b7b18cfe5946a2c4883e3a5e109154c5a3efbfe4252b9f65d12e370e
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09717066A0A647A2FF659B12E45037A67A1FB84BC4F144075CE4E076E5DF3CE472C328
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 1399 7ff8a8024cd5-7ff8a8024cf4 realloc 1400 7ff8a8024d17-7ff8a8024d26 1399->1400 1401 7ff8a8024cf6-7ff8a8024d14 _msize call 7ff8a8028b90 1399->1401 1401->1400
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: _msizerealloc
                                                                                                                                                                                                                                                                        • String ID: failed memory resize %u to %u bytes
                                                                                                                                                                                                                                                                        • API String ID: 2713192863-2134078882
                                                                                                                                                                                                                                                                        • Opcode ID: a7422ed00c5f64d32ff9a1cbbbcead23a52c4ddd9aae98452e6e5888769e8973
                                                                                                                                                                                                                                                                        • Instruction ID: f1befeaa86ffb0c2acc4bb02bdf8565a4cb1d03d88ca106ace1cde34ce7d36ad
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a7422ed00c5f64d32ff9a1cbbbcead23a52c4ddd9aae98452e6e5888769e8973
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C1E0A920B0AA8091EB1A8B02F54006A6360EB08FC4F046130EE4E07B28EF6CE452C708
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(?,?,?,?,00007FF8A8028ABD,?,?,?,?,00007FF8A8055AA7,?,?,?,?,?,00007FF8A8021E7B), ref: 00007FF8A80DE0A8
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                        • String ID: gfff
                                                                                                                                                                                                                                                                        • API String ID: 2221118986-1553575800
                                                                                                                                                                                                                                                                        • Opcode ID: ecb567d7bb0306ca2bcf2abbf895a61e8ddaf7d11981f00550c0c98f461bad49
                                                                                                                                                                                                                                                                        • Instruction ID: 37cc7bebc6fdc73fe0f291504ac0efb15b036334d5e4e3846c6cb370874246b4
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ecb567d7bb0306ca2bcf2abbf895a61e8ddaf7d11981f00550c0c98f461bad49
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75F10435E0FB07A6FE66AB51A855A3423E0EF54BC4F440539D90E466A1DF3CB4A0CF68
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 1743 7ff8a8024c75-7ff8a8024c8c malloc 1744 7ff8a8024c8e-7ff8a8024ca0 call 7ff8a8028b90 1743->1744 1745 7ff8a8024ca3-7ff8a8024cad 1743->1745 1744->1745
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: malloc
                                                                                                                                                                                                                                                                        • String ID: failed to allocate %u bytes of memory
                                                                                                                                                                                                                                                                        • API String ID: 2803490479-1168259600
                                                                                                                                                                                                                                                                        • Opcode ID: 602800639bc6ab01cb326fcd36d02fc3eb966c4ef6032c376a28dd485d5bfe3c
                                                                                                                                                                                                                                                                        • Instruction ID: 58a168610f1d99a932e43c64cdacef1b521bf7c3f0d173371c4017c7e3e06bba
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 602800639bc6ab01cb326fcd36d02fc3eb966c4ef6032c376a28dd485d5bfe3c
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04D0C250B1A54691EF1A571AF59057813A0EF48BC4F146034CB0E07B95FF6CE091C708
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 1867 7ff8a82c2b58-7ff8a84ba972 call 7ff8a82c1ef6 TlsFree
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389797626.00007FF8A82C1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A82C0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a82c0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Free
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3978063606-0
                                                                                                                                                                                                                                                                        • Opcode ID: fb128cc568dcee73a38db5d6e8c2531c5ff05eb1f8ac0af479b44c2e35020676
                                                                                                                                                                                                                                                                        • Instruction ID: 8cc7ad16e3a3dd0f4a9376bac3f009161ba3624efc675c688330d74cef496d8f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fb128cc568dcee73a38db5d6e8c2531c5ff05eb1f8ac0af479b44c2e35020676
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5C01265F07203EBF3086738886F27E11A09F48350FA08038E10EC2A90CF0CA85A9B28
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?,00007FF8A802805F,?,?,?,00007FF8A802842D,?,?,?,00007FF8A8027BE1), ref: 00007FF8A8025CB0
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-0
                                                                                                                                                                                                                                                                        • Opcode ID: 284bb848653a09dffabad9f40156f5817702fad60369eb97f4a8628cb5f5caaa
                                                                                                                                                                                                                                                                        • Instruction ID: 8a85d06afb0317d6af6c9e4c5d602e569cd00c0789ad861a9067bd048acd3ec6
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 284bb848653a09dffabad9f40156f5817702fad60369eb97f4a8628cb5f5caaa
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C511BF61B1A68250EF959B16A24427E5251DF44FC4F181032EF1D4BBC9FFBCD4A2471C
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389797626.00007FF8A835D000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A82C0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a82c0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: strspn$strncmp$strcspn
                                                                                                                                                                                                                                                                        • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Expecting: $Proc-Type:
                                                                                                                                                                                                                                                                        • API String ID: 232339659-387852012
                                                                                                                                                                                                                                                                        • Opcode ID: 6bc830b176b07b521f36dbb056e2e75a20d263a6dff6e27447acd8171eed8e5c
                                                                                                                                                                                                                                                                        • Instruction ID: 4b34dbb2c40c8e86723a5736f4c97c80e0969a78aa309bd7847401dd00ce842e
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6bc830b176b07b521f36dbb056e2e75a20d263a6dff6e27447acd8171eed8e5c
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CFF16F71F0A696A9F714DF6298443B92362FB05BC8F808035CE4D57689EF3CE51AC768
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcmpmemcpy
                                                                                                                                                                                                                                                                        • String ID: %s mode not allowed: %s$access$cach$cach$cache$file$invalid uri authority: %.*s$localhos$mode$mode$no such %s mode: %s$no such vfs: %s
                                                                                                                                                                                                                                                                        • API String ID: 1784268899-1067337024
                                                                                                                                                                                                                                                                        • Opcode ID: bd9f4994ca32fc9b88b5647cfa5c435afca0b21d5e770c6515f7d256f0be62fa
                                                                                                                                                                                                                                                                        • Instruction ID: fe8f4d7baac8d5db6912327634d76ce8df0fa24f039b83fc831eeb9bac8744e4
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd9f4994ca32fc9b88b5647cfa5c435afca0b21d5e770c6515f7d256f0be62fa
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE12F262E0E6826AFF758B20D44037A6A91EB217D5F044235DADE476C1FF3DE465C328
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy$strncmp
                                                                                                                                                                                                                                                                        • String ID: %!.15g$%02x$%lld$'%.*q'$-- $?$NULL$zeroblob(%d)
                                                                                                                                                                                                                                                                        • API String ID: 2397129164-875588658
                                                                                                                                                                                                                                                                        • Opcode ID: e3fa4dc9565abb966e7890aed3aa770a4aa4e1dc2b2aecca25ea46e37394a0bc
                                                                                                                                                                                                                                                                        • Instruction ID: 32371d6162271f084a923b88f84962aa3923e5599a56bca7e9fca80ca2a26383
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e3fa4dc9565abb966e7890aed3aa770a4aa4e1dc2b2aecca25ea46e37394a0bc
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C702AF22F0A652A9FF29CB65E4446BC23A1EB447C8F049036DE0E566D5DF3CE865C738
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Mem_$SubtypeType_$DataFreeFromKindMallocReallocUnicode_
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1742244024-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                        • String ID: Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)$Failed to read ptrmap key=%d$Main freelist: $Page %d is never used$Pointer map page %d is referenced$incremental_vacuum enabled with a max rootpage of zero$max rootpage (%d) disagrees with header (%d)
                                                                                                                                                                                                                                                                        • API String ID: 2221118986-2103957143
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                        • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
                                                                                                                                                                                                                                                                        • API String ID: 2221118986-463513059
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: -x0$0123456789ABCDEF0123456789abcdef$VUUU$VUUU
                                                                                                                                                                                                                                                                        • API String ID: 0-2031831958
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy$memset
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 438689982-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: out of memory$statement aborts at %d: [%s] %s$string or blob too big
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-3170954634
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389797626.00007FF8A82C1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A82C0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a82c0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ErrorLastbind
                                                                                                                                                                                                                                                                        • String ID: ..\s\crypto\bio\b_sock2.c
                                                                                                                                                                                                                                                                        • API String ID: 2328862993-3200932406
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF8A806B710: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,00007FF8A80D792A,?,?,?,?,?,00007FF8A806B4C2), ref: 00007FF8A806B8B8
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF8A806B220: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF8A806591C), ref: 00007FF8A806B372
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF8A806B220: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF8A806591C), ref: 00007FF8A806B404
                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140 ref: 00007FF8A80D20B5
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: FILTER clause may only be used with aggregate window functions$L$RANGE with offset PRECEDING/FOLLOWING requires one ORDER BY expression$U$U$U$Y$Y$Z$Z$Z$cume_dist$dense_rank$lag$lead$ntile$percent_rank$rank$row_number
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-2685886050
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Module_$Dealloc$ObjectObject_$Capsule_ConstantFromMallocMem_SpecStringTrackTypeType_
                                                                                                                                                                                                                                                                        • String ID: 13.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                                                                                        • API String ID: 288921926-2302946913
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Arg_Unicode_$ArgumentCheckDigitErr_FromLongLong_PositionalReadyString
                                                                                                                                                                                                                                                                        • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                                                                                        • API String ID: 2437920334-4278345224
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: %s.%s$_init$error during initialization: %s$lib$no entry point [%s] in shared library [%s]$not authorized$sqlite3_$sqlite3_extension_init$unable to open shared library [%.*s]
                                                                                                                                                                                                                                                                        • API String ID: 0-3733955532
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Unicode_$Equal$CompareDeallocErr_ReadyString
                                                                                                                                                                                                                                                                        • String ID: invalid normalization form
                                                                                                                                                                                                                                                                        • API String ID: 3010910608-2281882113
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389466782.00007FF8A81A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A81A6000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8204000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8253000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A82AC000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389714096.00007FF8A82AF000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389742802.00007FF8A82B1000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Unicode_$Arg_$ArgumentEqualReady$CheckPositionalSubtypeType_
                                                                                                                                                                                                                                                                        • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                                                                                        • API String ID: 2760394311-1320425463
                                                                                                                                                                                                                                                                        • Opcode ID: 201e1a0c86d96ed07084084db240da97117a3eea60c9e8d2cbe13f47ad1407c3
                                                                                                                                                                                                                                                                        • Instruction ID: 8ab43ea32edbe032475d48131a18fcd7a38bb4c7203b4d376ac4ab27e7a9b362
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 201e1a0c86d96ed07084084db240da97117a3eea60c9e8d2cbe13f47ad1407c3
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D621B460A0EB83A1E7128B69E8442B9B350FF45FC4F944232D95F472E4CF2DE446C328
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389466782.00007FF8A81A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A81A6000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8204000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8253000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A82AC000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389714096.00007FF8A82AF000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389742802.00007FF8A82B1000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Arg_$ArgumentReadyUnicode_$CheckPositional
                                                                                                                                                                                                                                                                        • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                                                                                        • API String ID: 396090033-184702317
                                                                                                                                                                                                                                                                        • Opcode ID: 499ad2b4e8d2c61c6c3904c5fb4ee9275f40f4ad30840fc7374985e9f058fd08
                                                                                                                                                                                                                                                                        • Instruction ID: 21ff141d1dac1dde261a60617b1346032259ede1ad09d3cb83bac49c2236170a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 499ad2b4e8d2c61c6c3904c5fb4ee9275f40f4ad30840fc7374985e9f058fd08
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CD21B571B09A87A1EB528B55E8402B4A360FF94FD4F845232D95F472E8CF2CD54AC32C
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • Cannot add a column with non-constant default, xrefs: 00007FF8A8074F5F
                                                                                                                                                                                                                                                                        • Cannot add a UNIQUE column, xrefs: 00007FF8A8074E93
                                                                                                                                                                                                                                                                        • SELECT raise(ABORT,%Q) FROM "%w"."%w", xrefs: 00007FF8A8074EED, 00007FF8A8074F69, 00007FF8A8075073
                                                                                                                                                                                                                                                                        • Cannot add a REFERENCES column with non-NULL default value, xrefs: 00007FF8A8074EE3
                                                                                                                                                                                                                                                                        • Cannot add a NOT NULL column with default value NULL, xrefs: 00007FF8A8074F05
                                                                                                                                                                                                                                                                        • cannot add a STORED column, xrefs: 00007FF8A8075064
                                                                                                                                                                                                                                                                        • UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q, xrefs: 00007FF8A807510C
                                                                                                                                                                                                                                                                        • SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE quick_check GLOB 'CHECK*' OR quick_check GLOB 'NULL*', xrefs: 00007FF8A8075241
                                                                                                                                                                                                                                                                        • Cannot add a PRIMARY KEY column, xrefs: 00007FF8A8074E78
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: Cannot add a NOT NULL column with default value NULL$Cannot add a PRIMARY KEY column$Cannot add a REFERENCES column with non-NULL default value$Cannot add a UNIQUE column$Cannot add a column with non-constant default$SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE quick_check GLOB 'CHECK*' OR quick_check GLOB 'NULL*'$SELECT raise(ABORT,%Q) FROM "%w"."%w"$UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q$cannot add a STORED column
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-3865411212
                                                                                                                                                                                                                                                                        • Opcode ID: f6371c70204fbc1543091827dc8c28ab3afb6d4abdaccefe7af1a269868c75dd
                                                                                                                                                                                                                                                                        • Instruction ID: 8184a4ddf2cc60bf508f3ef7981538398f15394fdb93c22457c0bf73fa3b383b
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f6371c70204fbc1543091827dc8c28ab3afb6d4abdaccefe7af1a269868c75dd
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1E1DC32A0AF82A5EF658B11A544BB927A1FB65BC8F444031CE8D47BD4DF3CE461C368
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: new[]
                                                                                                                                                                                                                                                                        • String ID: %s%c%s$:$:$?$\$winFullPathname1$winFullPathname2
                                                                                                                                                                                                                                                                        • API String ID: 4059295235-3840279414
                                                                                                                                                                                                                                                                        • Opcode ID: 720999c4f30bdf2a301ff6bab4f1e4f4b1ed266a6312f642202d64bab3d7b439
                                                                                                                                                                                                                                                                        • Instruction ID: 39a7c3c02904f1fecafe9a3de7ba2abb463870e7088c52b98db45be76dc23030
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 720999c4f30bdf2a301ff6bab4f1e4f4b1ed266a6312f642202d64bab3d7b439
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3251F321E0EA8261FF669B255411ABA6691FF44BC8F480035DF4D433D6EFBCE4558B28
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389797626.00007FF8A82C1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A82C0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a82c0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ErrorLastsetsockopt
                                                                                                                                                                                                                                                                        • String ID: ..\s\crypto\bio\b_sock2.c$o
                                                                                                                                                                                                                                                                        • API String ID: 1729277954-1872632005
                                                                                                                                                                                                                                                                        • Opcode ID: 0d2034ac39a1f015537a20df33351dbf74ae8a5fab91621d70cfd5eb938fd7c6
                                                                                                                                                                                                                                                                        • Instruction ID: 849f30ad8271f0f2b3d8b0014e7042d63e1cc6c33b073d9bf6ce58d9ecc6e10f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d2034ac39a1f015537a20df33351dbf74ae8a5fab91621d70cfd5eb938fd7c6
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9351BE71B0D942A6F7249F21E8083BE73A1FB85784F484135EA8C07A89CF3DE545CB69
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389797626.00007FF8A82C1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A82C0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a82c0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindow
                                                                                                                                                                                                                                                                        • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                                                                                                                                                        • API String ID: 1944374717-1672312481
                                                                                                                                                                                                                                                                        • Opcode ID: d4d7f13fea52a3178e6bf5d964a5a64b36e3e8d5b416d224cb6cd8592f581902
                                                                                                                                                                                                                                                                        • Instruction ID: 8217776e53f07b4ba35de7e13c3de75cf6047316c0ab625a8f459ac8d2f80b51
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4d7f13fea52a3178e6bf5d964a5a64b36e3e8d5b416d224cb6cd8592f581902
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A417261A06B42A6EB509F24DC4526D33A0EF447F8F485735EA7D467E4EF7CE5048328
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: %s %T already exists$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-2846519077
                                                                                                                                                                                                                                                                        • Opcode ID: 4d01f0eb7172825882a8af48cbe2f398b1f427150bd411b3115e627f1e2500a9
                                                                                                                                                                                                                                                                        • Instruction ID: 583b501da0afce13e7aa6b44ea9804ef6197aaf90acaf18f8653586cf54709b9
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4d01f0eb7172825882a8af48cbe2f398b1f427150bd411b3115e627f1e2500a9
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC02C072A0AB82A6EF64DB2594007A93790FB95BC8F409235DE8D477C5DF3CE464C728
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: EqualUnicode_$Mem_$FreeMallocSubtypeType_
                                                                                                                                                                                                                                                                        • String ID: invalid normalization form
                                                                                                                                                                                                                                                                        • API String ID: 1153303739-2281882113
                                                                                                                                                                                                                                                                        • Opcode ID: 22168d29278c1de6ef91495bca67e885d51d0b2cc5fea0c41de879cb010d5d17
                                                                                                                                                                                                                                                                        • Instruction ID: a8be2d723a68ad56ecac75add3afa78a090bfd07712152b72a598dd5e4a232e1
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 22168d29278c1de6ef91495bca67e885d51d0b2cc5fea0c41de879cb010d5d17
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BE51D461B1E65261FB668B22E81437AE3A4EF45BC0F445031CE8F07B85CF2DE505C728
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                                                                                                                                                                                                                                        • String ID: a unicode character$argument$category
                                                                                                                                                                                                                                                                        • API String ID: 2803103377-2068800536
                                                                                                                                                                                                                                                                        • Opcode ID: 8b9f8b491c2994b115a767135a291a96eb26d3dd982b4c81d2173ffc951e8bc0
                                                                                                                                                                                                                                                                        • Instruction ID: 0cbc2636a871fb59d1703658f3f210606ce53ae1c9169cdf555d5386be970b69
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b9f8b491c2994b115a767135a291a96eb26d3dd982b4c81d2173ffc951e8bc0
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A251F962B0AA46A2EB1A8B15D490378A7A1FF85BC4F440135DE9FC7794DF3DE845C328
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                                                                                                                                                                                                                                        • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                                                                        • API String ID: 2803103377-2110215792
                                                                                                                                                                                                                                                                        • Opcode ID: 6f842c38fbf6266b6352dc09bd82e7f65808cd6bafd25b46999a778c18f9dfdf
                                                                                                                                                                                                                                                                        • Instruction ID: c226c50519e40502c3a6ee161dbedb5b6773c9c8f228fa216229475d0ddd7bdb
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f842c38fbf6266b6352dc09bd82e7f65808cd6bafd25b46999a778c18f9dfdf
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 124105A1B0A643A2EB5B8F15E450379A3A5EF44BD4F480535DA8F832D0DF2DE884C368
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: FromStringUnicode_$S_snprintfSizeSubtypeType_memcpy
                                                                                                                                                                                                                                                                        • String ID: $%04X
                                                                                                                                                                                                                                                                        • API String ID: 762632776-4013080060
                                                                                                                                                                                                                                                                        • Opcode ID: 8f010d78afd3c5818cfb4910701cc2a93885e9771a9bff0787413f6ee937c649
                                                                                                                                                                                                                                                                        • Instruction ID: 6b3e0a49eeb3728a8d78fb4929ff938cdf657a69198a3525f5cc4cfba5fa5386
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f010d78afd3c5818cfb4910701cc2a93885e9771a9bff0787413f6ee937c649
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F031EAB2B0958161EB628B14E8543B9A7A1FF84BE4F480335DAAE077C4DF3CD459C314
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                                                                                        • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                                                                                        • API String ID: 3097524968-4001128513
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                                                                                        • String ID: a unicode character$argument$combining
                                                                                                                                                                                                                                                                        • API String ID: 3097524968-4202047184
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy$memset
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$PRAGMA "%w".page_count$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24$misuse
                                                                                                                                                                                                                                                                        • API String ID: 438689982-605142551
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy$memset
                                                                                                                                                                                                                                                                        • String ID: "%w" $%Q%s
                                                                                                                                                                                                                                                                        • API String ID: 438689982-1987291987
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-2551159147
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ATTACH x AS %Q$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24$misuse
                                                                                                                                                                                                                                                                        • API String ID: 0-3941351414
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 4139299733-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-2551159147
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                                                                        • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                                                                                        • API String ID: 3545102714-2385192657
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                                                                        • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                                                                                        • API String ID: 3545102714-2474051849
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                                                                        • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                                                                                        • API String ID: 3545102714-4190364640
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389797626.00007FF8A82C1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A82C0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a82c0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: EnvironmentVariable
                                                                                                                                                                                                                                                                        • String ID: OPENSSL_ia32cap$~$~$~$~
                                                                                                                                                                                                                                                                        • API String ID: 1431749950-1981414212
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 00007FF8A8083D8B
                                                                                                                                                                                                                                                                        • foreign key on %s should reference only one column of table %T, xrefs: 00007FF8A8083D60
                                                                                                                                                                                                                                                                        • unknown column "%s" in foreign key definition, xrefs: 00007FF8A8084080
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy$memset
                                                                                                                                                                                                                                                                        • String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
                                                                                                                                                                                                                                                                        • API String ID: 438689982-272990098
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: abort due to ROLLBACK$another row available$no more rows available$unknown error
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-3044471405
                                                                                                                                                                                                                                                                        • Opcode ID: dc04e79b7814e6ccfdeeb8ef8e8036a025809e40dd88e6ffa7f970d3e5dd0bbe
                                                                                                                                                                                                                                                                        • Instruction ID: 8ba8a26d2dd5741a09b492d0be5c54492fc0d3a0b1f95e67cb57fa54d79f6108
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc04e79b7814e6ccfdeeb8ef8e8036a025809e40dd88e6ffa7f970d3e5dd0bbe
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CCE1A026B0AA92A5EF669B64D0446FC23A0FB44BC8F140136CF4D176D5EFBCE465C728
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24$misuse
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-1807708480
                                                                                                                                                                                                                                                                        • Opcode ID: 3b2f0938d6333d9960843501ad09ae9f05c79b2111061c5b5c29d7663fe32ff7
                                                                                                                                                                                                                                                                        • Instruction ID: 76ad53ea9f3be76733d7dcb06615ec8c5d03887ed7ccfd4e84056653496eac66
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b2f0938d6333d9960843501ad09ae9f05c79b2111061c5b5c29d7663fe32ff7
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8AD17626E09BC591EB158B2886052FC6760F7A9B88F14E235DF9C17652EF38E1D5C320
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
                                                                                                                                                                                                                                                                        • API String ID: 0-2551159147
                                                                                                                                                                                                                                                                        • Opcode ID: 9c20cd14ab9059d7a1738b22f99e3aedcf2815f01632da0c161fa1489c253047
                                                                                                                                                                                                                                                                        • Instruction ID: 3a203d432a095c5b920651c26eeb6c3ef2ba771e427d860f8ab163be61d66e5f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c20cd14ab9059d7a1738b22f99e3aedcf2815f01632da0c161fa1489c253047
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FAB1DF32A2A69296EB64CF16E484BAA77A4FB847C4F025035DF4D43B85DF3CE850C754
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-2551159147
                                                                                                                                                                                                                                                                        • Opcode ID: 52b39ce91802fcd9d1eb394ae3a6530dfd70a7933f7e77181d79b0e7e56a243f
                                                                                                                                                                                                                                                                        • Instruction ID: 82a4635bc134b018beed5bc1f5530b08b12049d4018417c915fc543c5cb4b7dd
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 52b39ce91802fcd9d1eb394ae3a6530dfd70a7933f7e77181d79b0e7e56a243f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6491F562A097C59ADB20DF26E4402BABBA1FB45BC4F044136EB8E43B95EF3CD155C714
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy$memset
                                                                                                                                                                                                                                                                        • String ID: Cannot add a column to a view$sqlite_altertab_%s$virtual tables may not be altered
                                                                                                                                                                                                                                                                        • API String ID: 438689982-2063813899
                                                                                                                                                                                                                                                                        • Opcode ID: 43d5cbf16a4b865bec3692e4cf3e7d86e127e15add003ca2275b8259a1c38f18
                                                                                                                                                                                                                                                                        • Instruction ID: b0718307a82af24f4c9364c12432a3ad374d10a71cf27a47896dffedde99c706
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43d5cbf16a4b865bec3692e4cf3e7d86e127e15add003ca2275b8259a1c38f18
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C91AA72A0AF8192EB50CF11A0146BA77A5FB98BC4F499235DE8D47795EF38E060C714
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389466782.00007FF8A81A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A81A6000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8204000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8253000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A82AC000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389714096.00007FF8A82AF000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389742802.00007FF8A82B1000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                                                                                                        • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                                                                                        • API String ID: 1875788646-3913127203
                                                                                                                                                                                                                                                                        • Opcode ID: dbe43c5c28b2e864e9847442fb4680e199cdb81cdd8ff4271a4bb4a7558a351a
                                                                                                                                                                                                                                                                        • Instruction ID: 3b3612f8b03f14a0239ae47a8518d63f9a4e354e80952a2f428128ba46aa925f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dbe43c5c28b2e864e9847442fb4680e199cdb81cdd8ff4271a4bb4a7558a351a
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F21F1A0B0A742A2FB568B55E4613799291FF88BC4F444035CF4D533C4CF2CE855C368
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389466782.00007FF8A81A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A81A6000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8204000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8253000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A82AC000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389714096.00007FF8A82AF000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389742802.00007FF8A82B1000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                                                                                                        • String ID: a unicode character$argument$decomposition
                                                                                                                                                                                                                                                                        • API String ID: 1875788646-2471543666
                                                                                                                                                                                                                                                                        • Opcode ID: d5f8e1d1838016190bef5668ce4da4a2cda0a1ddf47b54ab3442ce62d4983cc2
                                                                                                                                                                                                                                                                        • Instruction ID: 53f2aec4e7ccfcd75632e9666321998dc8b099a7618cbdf06c65b4c18cc3e4be
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d5f8e1d1838016190bef5668ce4da4a2cda0a1ddf47b54ab3442ce62d4983cc2
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2421C1A1B0A746A2FB6A8B15D461379A291FF84BE4F444535CE0E873C4DF2EE845C368
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389466782.00007FF8A81A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A81A6000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8204000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8253000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A82AC000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389714096.00007FF8A82AF000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389742802.00007FF8A82B1000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                                                                                        • String ID: not a numeric character
                                                                                                                                                                                                                                                                        • API String ID: 1034370217-2058156748
                                                                                                                                                                                                                                                                        • Opcode ID: 4cb6f1b5efbfda6638c0cdfd582c8c8d1892565bd548cca9a3afd41c4d5c272b
                                                                                                                                                                                                                                                                        • Instruction ID: 33de12b8713efad3b8d7be006adae8ace7352f5f1f2a82031a1b4a0d0653cb71
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4cb6f1b5efbfda6638c0cdfd582c8c8d1892565bd548cca9a3afd41c4d5c272b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C711C8E1A0E982E1FB528B65D44007CE761EF44BD8F588030C95F03654DF3CE886C728
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389466782.00007FF8A81A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A81A6000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8204000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8253000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A82AC000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389714096.00007FF8A82AF000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389742802.00007FF8A82B1000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                                                                                        • String ID: not a decimal
                                                                                                                                                                                                                                                                        • API String ID: 3750391552-3590249192
                                                                                                                                                                                                                                                                        • Opcode ID: 480c0e289b089f2dea03889a00adf552dacdf64e323fa503627025c33b286684
                                                                                                                                                                                                                                                                        • Instruction ID: 73a02a37d1933607f70e15daa57f49364874e1e5008dba1bd110d1ee821e1b0b
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 480c0e289b089f2dea03889a00adf552dacdf64e323fa503627025c33b286684
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F911A161B0AA52A1EB568B25E454138E7A1FF84FD4F884431CE4E47754DF3CE886C328
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389466782.00007FF8A81A0000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A81A6000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8204000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A8253000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389528884.00007FF8A82AC000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389714096.00007FF8A82AF000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2389742802.00007FF8A82B1000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                                                                                        • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                                                                                        • API String ID: 3673501854-3989975041
                                                                                                                                                                                                                                                                        • Opcode ID: 4f9c832924a9756495b7a5c9d469443539cf620dd58ed21d3cdd85e935500ac7
                                                                                                                                                                                                                                                                        • Instruction ID: 7244989e39694b7b0ec0f5ba9904efc58570a2a49a821a26371e19cb93ab5674
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f9c832924a9756495b7a5c9d469443539cf620dd58ed21d3cdd85e935500ac7
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88F01474A1BB46A5EA078B51E8141B9A2A8FF48BC1F881431C85E07364EF3CE048C338
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
Similarity
• API ID: memcpy
• String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
• API String ID: 3510742995-2551159147
• Opcode ID: e75d5eadce42eb29748f80e8d4ec3adc8e305650052e79cfab5141a81f518972
• Instruction ID: 6291602d727937bc30bf0cf8d1aa8930919fc545f6e87719d6df0dc738bd673e
• Opcode Fuzzy Hash: e75d5eadce42eb29748f80e8d4ec3adc8e305650052e79cfab5141a81f518972
• Instruction Fuzzy Hash: CBF1B022A4A68296EF65CF25D4007BD27A1FB40BC8F148035DE4E476E5DF7CE866C368
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
Similarity
• API ID: memcpy
• String ID: hidden$vtable constructor called recursively: %s$vtable constructor did not declare schema: %s$vtable constructor failed: %s
• API String ID: 3510742995-1299490920
• Opcode ID: 2854b45673565f8725770cda897aedabbd6d74f23848b0c0742f2364454b7773
• Instruction ID: 4766deecc89a91156e007bc04d1b89db3a2e883a64f599561e1642494662af14
• Opcode Fuzzy Hash: 2854b45673565f8725770cda897aedabbd6d74f23848b0c0742f2364454b7773
• Instruction Fuzzy Hash: 0BF1ED32A0AB82A6EB558B11944837977A1FF48BD4F454232EE8E477D4DF3CE461CB24
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
Similarity
• API ID: memcpy
• String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
• API String ID: 3510742995-2551159147
• Opcode ID: 024f7d761ce7dddf31b50b6fe440660c6da65f6463c78f19096ff6e68f50cf37
• Instruction ID: 9b5578c4dba4dd319f20766ac8ff68a3fdc8e9eb693914287ecb8347e51c2c00
• Opcode Fuzzy Hash: 024f7d761ce7dddf31b50b6fe440660c6da65f6463c78f19096ff6e68f50cf37
• Instruction Fuzzy Hash: 34E1CF7360AB859ADBA09B1AE0447AD77A0FB85BC4F108036DF8D437A5CF39D8A4C714
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
Similarity
• API ID: memset
• String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
• API String ID: 2221118986-2551159147
• Opcode ID: 729e9258ab478ea02a1d1979c49bfe033a102d05bdfc4d3624caeae8c21ab050
• Instruction ID: d1ce9f9e47e2aeabd0bfb8b3a1465ceb86be28c6fa9fa2a6cf7f609896d12be2
• Opcode Fuzzy Hash: 729e9258ab478ea02a1d1979c49bfe033a102d05bdfc4d3624caeae8c21ab050
• Instruction Fuzzy Hash: 27D18E7360AA8196EB61CF26D0442A977A5FB88BC8F158036DF4D87794EF38D866C314
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
Similarity
• API ID: memsetstrcmp
• String ID: %s-shm$readonly_shm$winOpenShm
• API String ID: 195427100-2815843928
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
Similarity
• API ID: memcpy
• String ID: out of memory$statement aborts at %d: [%s] %s$string or blob too big
• API String ID: 3510742995-3170954634
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
Similarity
• API ID: memcpy
• String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
• API String ID: 3510742995-2551159147
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
Similarity
• API ID: memcpy
• String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
• API String ID: 3510742995-2551159147
Uniqueness

Uniqueness Score: -1.00%

APIs
• strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00000001,00000000,?,00007FF8A80BAE88), ref: 00007FF8A80BAD54
• strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00000001,00000000,?,00007FF8A80BAE88), ref: 00007FF8A80BAD6E
• memcpy.VCRUNTIME140(?,?,?,?,?,00000001,00000000,?,00007FF8A80BAE88), ref: 00007FF8A80BADF9
Strings
Memory Dump Source
• Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
Similarity
• API ID: strncmp$memcpy
• String ID: CRE$INS
• API String ID: 2549481713-4116259516
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389797626.00007FF8A835D000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A82C0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a82c0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: getnameinfohtons
                                                                                                                                                                                                                                                                        • String ID: $..\s\crypto\bio\b_addr.c
                                                                                                                                                                                                                                                                        • API String ID: 1503050688-1606403076
                                                                                                                                                                                                                                                                        • Opcode ID: abf895892e19a7dd3f2917413c547db771b768985eb7ad20f0e6bfc0b8a981ba
                                                                                                                                                                                                                                                                        • Instruction ID: 2e39cf185f0c24ea1d461da03a06c2e645522d023ada0c619b506c79bcc90003
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: abf895892e19a7dd3f2917413c547db771b768985eb7ad20f0e6bfc0b8a981ba
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4951E771A1AA43E2FB209F12E5052BA73A0EF407C4F444035EB8D47A99EF3DE9558728
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON310(?,?,?,?,?,00007FF8A81A1EAC), ref: 00007FF8A81A3B59
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF8A81A1FA0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8A81A1FD8
                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF8A81A1FA0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8A81A1FF6
                                                                                                                                                                                                                                                                        • PyErr_Format.PYTHON310 ref: 00007FF8A81A1F23
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                                                                                        • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                                                                                        • API String ID: 3882229318-4056717002
                                                                                                                                                                                                                                                                        • Opcode ID: 16bc881f184cb8364390d1ecc0752210c1df55cf4409d1ac5f55d1ad321c9066
                                                                                                                                                                                                                                                                        • Instruction ID: 09677c655585e9952e16296dee7f2d777865e130008f95d2627feab47f02c121
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16bc881f184cb8364390d1ecc0752210c1df55cf4409d1ac5f55d1ad321c9066
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BC1133B6E1A947E5EB418B54D8842B4B361FB88798F800432CA5D47261EF7DD18AC728
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389797626.00007FF8A82C1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A82C0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a82c0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ErrorLastsocket
                                                                                                                                                                                                                                                                        • String ID: ..\s\crypto\bio\b_sock2.c$2
                                                                                                                                                                                                                                                                        • API String ID: 1120909799-2051290508
                                                                                                                                                                                                                                                                        • Opcode ID: e6e0678db33773633ffedb91ac649e33e06e4e0a3b3b72e71866550694f6694c
                                                                                                                                                                                                                                                                        • Instruction ID: 4996242075dd0198c4a4dd8e2c40aecf89eb44a742be61958617f5bcec684305
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6e0678db33773633ffedb91ac649e33e06e4e0a3b3b72e71866550694f6694c
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0001DE71A0A542A3E7109B21E8042BE7260FB447D4F604235E76C47AD9CF3DE9518BAC
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy$memset
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 438689982-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389797626.00007FF8A82C1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A82C0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a82c0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: strncpy
                                                                                                                                                                                                                                                                        • String ID: ..\s\crypto\x509\x509_obj.c$0123456789ABCDEF$NO X509_NAME
                                                                                                                                                                                                                                                                        • API String ID: 3301158039-3422593365
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                        • String ID: out of memory$statement aborts at %d: [%s] %s$too many levels of trigger recursion
                                                                                                                                                                                                                                                                        • API String ID: 2221118986-3996290085
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
                                                                                                                                                                                                                                                                        • API String ID: 2221118986-2551159147
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: RETURNING may not use "TABLE.*" wildcards
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-2313493979
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: %s.%s$column%d$rowid
                                                                                                                                                                                                                                                                        • API String ID: 0-1505470444
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
                                                                                                                                                                                                                                                                        • API String ID: 2221118986-2551159147
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: $, $CREATE TABLE
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-3459038510
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: strncmp
                                                                                                                                                                                                                                                                        • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                                                                                        • API String ID: 1114863663-87138338
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: , $index '%q'
                                                                                                                                                                                                                                                                        • API String ID: 0-2319803734
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: (join-%u)$(subquery-%u)
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-2916047017
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
                                                                                                                                                                                                                                                                        • API String ID: 2221118986-2551159147
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-2551159147
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID: $%!.15g$-
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-875264902
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2389228356.00007FF8A8020000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389356129.00007FF8A8151000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389394345.00007FF8A817E000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2389428930.00007FF8A8183000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
                                                                                                                                                                                                                                                                        • API String ID: 2221118986-2551159147
                                                                                                                                                                                                                                                                        • Opcode ID: 0e40623b833f7d14cedc3489e0cd27d604beddb0d323dc25b61363d3d9868e78
                                                                                                                                                                                                                                                                        • Instruction ID: 783f415aeac98e879ba1c13496937330e89978fcfdbe5146b22e6825be41c2a2
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e40623b833f7d14cedc3489e0cd27d604beddb0d323dc25b61363d3d9868e78
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6341E333A1AF4692EB608F06E0406AA77A4FB88BC0F494036EE8E57794DF3CD951C754
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$database corruption$df5c253c0b3dd24916e4ec7cf77d3db5294cc9fd45ae7b9c5e82ad8197f38a24
                                                                                                                                                                                                                                                                        • API String ID: 0-2551159147
                                                                                                                                                                                                                                                                        • Opcode ID: 3acac430f8db03ec767c445b0619ee46a6b9f5c4b404d104ddc4c6a6ba31da9f
                                                                                                                                                                                                                                                                        • Instruction ID: 807c3a326fda3693d4423f87cd12dc9b1dafc438b644de523bb44ca183157766
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3acac430f8db03ec767c445b0619ee46a6b9f5c4b404d104ddc4c6a6ba31da9f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C31DD73A0A7C19AEB05CF2AD05006D7BA0E781B84F05813AEF994B799EB3CD565C720
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2388305438.00007FF8A7931000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8A7930000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a7930000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                        • Opcode ID: 0757bfef914e9c09f2dcbf113ba746b61e7bf9a6c23fc114e597c15af4fc8dfc
                                                                                                                                                                                                                                                                        • Instruction ID: a876d7f4d636f298b728bccf12fa0ef5199b6e75de9325d81d82b0163c29b51d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0757bfef914e9c09f2dcbf113ba746b61e7bf9a6c23fc114e597c15af4fc8dfc
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CC111C36B15B4199EB008FA0E8542AC33A4F759B98F441E31EA6D467A8DF7CE1649340
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389797626.00007FF8A82C1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A82C0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a82c0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: ..\s\crypto\engine\eng_ctrl.c$b
                                                                                                                                                                                                                                                                        • API String ID: 0-1836817417
                                                                                                                                                                                                                                                                        • Opcode ID: 81578ff1b17706f1e3e9fb800d66550516f8ba6bbcffc65290ac54bc7c0ad89f
                                                                                                                                                                                                                                                                        • Instruction ID: dd5ee6c6884356e7656a9a1349c83535b2f3da336b9825f2a4d14d4097b67334
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81578ff1b17706f1e3e9fb800d66550516f8ba6bbcffc65290ac54bc7c0ad89f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63E1AF31B0F662A2F7648F12E40477AA6A1FF807C4F544135DA4D07A99EF3DE945CB28
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                                                                                        • String ID: no such name
                                                                                                                                                                                                                                                                        • API String ID: 3678473424-4211486178
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • _PyObject_GC_New.PYTHON310(?,?,00000000,00007FF8A81A2523), ref: 00007FF8A81A2616
                                                                                                                                                                                                                                                                        • PyObject_GC_Track.PYTHON310(?,?,00000000,00007FF8A81A2523), ref: 00007FF8A81A2648
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389498484.00007FF8A81A1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A81A0000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a81a0000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Object_$Track
                                                                                                                                                                                                                                                                        • String ID: 3.2.0
                                                                                                                                                                                                                                                                        • API String ID: 16854473-1786766648
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy$memset
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 438689982-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2389256687.00007FF8A8021000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8a8020000_purchaseorder4.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3510742995-0
                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%