Windows Analysis Report
REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe

Overview

General Information

Sample name: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
Analysis ID: 1640795
MD5: 38f235d25e264d4c15c7596bb02d74fb
SHA1: 1b61618f9b4a052f6141d001c121dab951400ccd
SHA256: 19298835e138f870193c12029158ec18ce6d1d4c5ec12372d533eaf855c0e7f0
Tags: exe, user-threatcat_ch

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code contains potential unpacker
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Sample uses string decryption to hide its real strings
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot8001882214:AAFYbuE3sctUsMptRg6i8B28zD_AOK7mrvg/sendMessage?chat_id=6090860697", "Token": "8001882214:AAFYbuE3sctUsMptRg6i8B28zD_AOK7mrvg", "Chat_id": "6090860697", "Version": "5.1"}
Source | Rule | Description | Author | Strings
00000002.00000002.3497274920.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000002.00000002.3497274920.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000002.00000002.3497274920.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
      • 0x1485f:$a1: get_encryptedPassword
      • 0x14b4b:$a2: get_encryptedUsername
      • 0x1466b:$a3: get_timePasswordChanged
      • 0x14766:$a4: get_passwordField
      • 0x14875:$a5: set_encryptedPassword
      • 0x15ee6:$a7: get_logins
      • 0x15e49:$a10: KeyLoggerEventArgs
      • 0x15ab4:$a11: KeyLoggerEventArgsEventHandler
      00000002.00000002.3497274920.0000000000402000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen
      • 0x198a4:$x1: $%SMTPDV$
      • 0x18288:$x2: $#TheHashHere%&
      • 0x1984c:$x3: %FTPDV$
      • 0x18228:$x4: $%TelegramDv$
      • 0x15ab4:$x5: KeyLoggerEventArgs
      • 0x15e49:$x5: KeyLoggerEventArgs
      • 0x19870:$m2: Clipboard Logs ID
      • 0x19aae:$m2: Screenshot Logs ID
      • 0x19bbe:$m2: keystroke Logs ID
      • 0x19e98:$m3: SnakePW
      • 0x19a86:$m4: \SnakeKeylogger\
      00000002.00000002.3499265424.00000000034FB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
        Source | Rule | Description | Author | Strings
        0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
        0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
        0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
            • 0x12c5f:$a1: get_encryptedPassword
            • 0x12f4b:$a2: get_encryptedUsername
            • 0x12a6b:$a3: get_timePasswordChanged
            • 0x12b66:$a4: get_passwordField
            • 0x12c75:$a5: set_encryptedPassword
            • 0x142e6:$a7: get_logins
            • 0x14249:$a10: KeyLoggerEventArgs
            • 0x13eb4:$a11: KeyLoggerEventArgsEventHandler
            0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
            • 0x1a65a:$a2: \Comodo\Dragon\User Data\Default\Login Data
            • 0x1988c:$a3: \Google\Chrome\User Data\Default\Login Data
            • 0x19cbf:$a4: \Orbitum\User Data\Default\Login Data
            • 0x1acfe:$a5: \Kometa\User Data\Default\Login Data
            0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen
            • 0x13842:$s1: UnHook
            • 0x13849:$s2: SetHook
            • 0x13851:$s3: CallNextHook
            • 0x1385e:$s4: _hook
            No Sigma rule has matched
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2025-03-17T18:31:14.161259+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49683 | 104.21.48.1 | 443 | TCP
            2025-03-17T18:31:22.918075+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49693 | 104.21.48.1 | 443 | TCP
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2025-03-17T18:31:12.625523+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49681 | 132.226.8.169 | 80 | TCP
            2025-03-17T18:31:13.609884+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49681 | 132.226.8.169 | 80 | TCP
            2025-03-17T18:31:15.000544+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49684 | 132.226.8.169 | 80 | TCP

            AV Detection

            Source: 00000002.00000002.3497274920.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot8001882214:AAFYbuE3sctUsMptRg6i8B28zD_AOK7mrvg/sendMessage?chat_id=6090860697", "Token": "8001882214:AAFYbuE3sctUsMptRg6i8B28zD_AOK7mrvg", "Chat_id": "6090860697", "Version": "5.1"}
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, Virustotal: Detection: 42%
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, ReversingLabs: Detection: 58%
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, String decryptor:
            Source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, String decryptor: 8001882214:AAFYbuE3sctUsMptRg6i8B28zD_AOK7mrvg
            Source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, String decryptor: 6090860697

            Location Tracking

            Source: unknown, DNS query: name: reallyfreegeoip.org
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: unknown, HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.10:49682 version: TLS 1.0
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: STRy.pdb source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: Binary string: STRy.pdbSHA256 source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: global traffic, TCP traffic: 192.168.2.10:63182 -> 162.159.36.2:53
            Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
            Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 | Host: reallyfreegeoip.org
            Source: Joe Sandbox View, IP Address: 132.226.8.169
            Source: Joe Sandbox View, IP Address: 104.21.48.1
            Source: Joe Sandbox View, JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
            Source: unknown, DNS query: name: checkip.dyndns.org
            Source: unknown, DNS query: name: reallyfreegeoip.org
            Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49684 -> 132.226.8.169:80
            Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49681 -> 132.226.8.169:80
            Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49683 -> 104.21.48.1:443
            Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49693 -> 104.21.48.1:443
            Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
            Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
            Source: unknown, TCP traffic detected without corresponding DNS query: 162.159.36.2
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic, DNS traffic detected: DNS query: checkip.dyndns.org
            Source: global traffic, DNS traffic detected: DNS query: reallyfreegeoip.org
            Source: global traffic, DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, String found in binary or memory: http://checkip.dyndns.com
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, String found in binary or memory: http://checkip.dyndns.org
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, String found in binary or memory: http://checkip.dyndns.org/
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, String found in binary or memory: http://checkip.dyndns.org/q
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, String found in binary or memory: http://reallyfreegeoip.org
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, String found in binary or memory: https://reallyfreegeoip.org
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, String found in binary or memory: https://reallyfreegeoip.org/xml/
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$

            System Summary

            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
            Source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
            Source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
            Source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
            Source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
            Source: 00000002.00000002.3497274920.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
            Source: 00000002.00000002.3497274920.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
            Source: 00000000.00000002.1042942598.0000000003BE9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
            Source: 00000000.00000002.1042942598.0000000003BE9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
            Source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6536, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
            Source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6536, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
            Source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6812, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
            Source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6812, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
            Source: initial sampleStatic PE information: Filename: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000000.00000002.1041996028.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000000.00000002.1045917582.0000000008FE0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTL.dll" vs REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000000.00000002.1041996028.0000000002BF5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTL.dll" vs REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000000.00000002.1041996028.0000000002CE6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTL.dll" vs REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000000.00000002.1042942598.0000000003BE9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000000.00000002.1042942598.0000000003BE9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000000.00000002.1041400084.00000000010FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000000.00000002.1045566433.0000000007440000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000000.00000000.1030191777.000000000089E000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSTRy.exe> vs REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000002.00000002.3497274920.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000002.00000002.3497477158.00000000012F7000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Binary or memory string: OriginalFilenameSTRy.exe> vs REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000002.00000002.3497274920.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000002.00000002.3497274920.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000000.00000002.1042942598.0000000003BE9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000000.00000002.1042942598.0000000003BE9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6536, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6536, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6812, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6812, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.raw.unpack, ---.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.raw.unpack, .cs Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.raw.unpack, ---.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.raw.unpack, .cs Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3d8e270.2.raw.unpack, WK8t8iecWiTpGCIL5F.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3d8e270.2.raw.unpack, WK8t8iecWiTpGCIL5F.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.7440000.4.raw.unpack, O8qvj20SamKbffkoW1.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.7440000.4.raw.unpack, O8qvj20SamKbffkoW1.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.7440000.4.raw.unpack, O8qvj20SamKbffkoW1.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3d8e270.2.raw.unpack, O8qvj20SamKbffkoW1.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3d8e270.2.raw.unpack, O8qvj20SamKbffkoW1.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3d8e270.2.raw.unpack, O8qvj20SamKbffkoW1.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.7440000.4.raw.unpack, WK8t8iecWiTpGCIL5F.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.7440000.4.raw.unpack, WK8t8iecWiTpGCIL5F.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/1@3/2
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.log
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Mutant created: NULL
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000002.00000002.3499265424.0000000003577000.00000004.00000800.00020000.00000000.sdmp, REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000002.00000002.3499265424.0000000003585000.00000004.00000800.00020000.00000000.sdmp, REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000002.00000002.3499265424.0000000003567000.00000004.00000800.00020000.00000000.sdmp, REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000002.00000002.3499265424.00000000035AD000.00000004.00000800.00020000.00000000.sdmp, REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000002.00000002.3500733126.00000000043BB000.00000004.00000800.00020000.00000000.sdmp, REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000002.00000002.3499265424.00000000035B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Virustotal: Detection: 42%
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe ReversingLabs: Detection: 58%
            Source: unknown Process created: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe "C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe"
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Process created: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe "C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe"
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: textshaping.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: rasapi32.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: rasman.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: rtutils.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: dhcpcsvc6.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: dhcpcsvc.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: secur32.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: STRy.pdb source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe
            Source: Binary string: STRy.pdbSHA256 source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe

            Data Obfuscation

            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.7440000.4.raw.unpack, O8qvj20SamKbffkoW1.cs .Net Code: u3FCNX2qOf System.Reflection.Assembly.Load(byte[])
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3d8e270.2.raw.unpack, O8qvj20SamKbffkoW1.cs .Net Code: u3FCNX2qOf System.Reflection.Assembly.Load(byte[])
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Static PE information: 0xC8463929 [Mon Jun 22 09:55:53 2076 UTC]
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Code function: 0_2_00EBEE80 pushfd ; iretd 0_2_00EBEE81
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Code function: 0_2_074D6CAF push eax; iretd 0_2_074D6CB0
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Code function: 0_2_074D6A2D push eax; iretd 0_2_074D6A2E
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Static PE information: section name: .text entropy: 7.677667064692474
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.7440000.4.raw.unpack: High entropy of concatenated method names (24 .cs files)
            Source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3d8e270.2.raw.unpack: High entropy of concatenated method names (the same 24 .cs files)
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6536, type: MEMORYSTR
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Memory allocated: EB0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Memory allocated: 2BE0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Memory allocated: 4BE0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Memory allocated: 9040000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Memory allocated: A040000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Memory allocated: A250000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Memory allocated: B250000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Memory allocated: 1670000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Memory allocated: 3330000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Memory allocated: 3150000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 600000
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 599875
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 599766
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 599641
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 599516
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 599406
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 599297
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 599187
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 599078
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 598969
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 598859
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 598750
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 598641
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 598516
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 598391
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 598281
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 598172
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 598062
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 597953
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 597844
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 597734
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 597625
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 597516
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 597391
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 597266
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 597156
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 597047
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 596938
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 596813
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 596688
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 596578
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 596425
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 596297
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 596187
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 596078
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 595969
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 595844
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 595716
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 595608
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 595487
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 595339
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 595109
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 594858
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 594666
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 594563
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 594438
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 594313
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 594203
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 594094
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 593969
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 593859
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Window / User API: threadDelayed 2534
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Window / User API: threadDelayed 7309
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 6528 Thread sleep time: -30000s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 6632 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -27670116110564310s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -600000s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7064 Thread sleep count: 2534 > 30
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -599875s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -599766s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7064 Thread sleep count: 7309 > 30
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -599641s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -599516s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -599406s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -599297s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -599187s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -599078s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -598969s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -598859s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -598750s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -598641s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -598516s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -598391s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -598281s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -598172s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -598062s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -597953s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -597844s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -597734s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -597625s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -597516s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -597391s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -597266s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -597156s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -597047s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -596938s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -596813s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -596688s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -596578s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -596425s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -596297s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -596187s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -596078s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -595969s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -595844s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -595716s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -595608s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -595487s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -595339s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -595109s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -594858s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -594666s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -594563s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -594438s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -594313s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -594203s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -594094s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -593969s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe TID: 7068 Thread sleep time: -593859s >= -30000s
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe Thread delayed: delay time: 30000
            Source: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe, 00000002.00000002.3498379562.00000000016EF000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllR
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Process token adjusted: Debug
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Memory written: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Process created: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe "C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe"
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Queries volume information: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe VolumeInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Queries volume information: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe VolumeInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match; File source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000002.00000002.3497274920.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.3499265424.00000000034FB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.1042942598.0000000003BE9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.3499265424.0000000003331000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6536, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6812, type: MEMORYSTR
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
            Source: C:\Users\user\Desktop\REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: Yara match; File source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000002.00000002.3497274920.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.1042942598.0000000003BE9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6536, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6812, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match; File source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 2.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c776e8.3.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe.3c56cc8.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000002.00000002.3497274920.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.3499265424.00000000034FB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.1042942598.0000000003BE9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.3499265424.0000000003331000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6536, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: REQUIRED-ORDER-REFERENCE-WITH-COMPANY-DETAILS.exe PID: 6812, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
