Windows Analysis Report
Purchase Order_20240528.exe

Overview

General Information

Sample name: Purchase Order_20240528.exe
Analysis ID: 1448264
MD5: b6422c6c56cdab2a43415fdcceeaf3e6
SHA1: e05e478ce595c575d20f26b9cecc027068af5cd4
SHA256: 91c657cef25403ba946ecfe02fa69010169e8ab2515d3a1608b405ac3d12c1cd
Tags: exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses nslookup.exe to query domains
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection

Source: http://www.vpachurch.org.uk/hx08/ Avira URL Cloud: Label: malware
Source: http://www.ceo-retreats.co.uk/5s1a/ Avira URL Cloud: Label: malware
Source: http://www.vpachurch.org.uk/hx08/?jTZPp=+oCaj1A6qEgI197rJOt7Ie8wsT2QuaXvROrTbUaj/j401+U4/uihyXQLAHBQaX+oDSz5ZwQ8h3X94ZPhTrAPuKUxKp/Iu26MuBlEIc7q5Ez/5s4fDAcFIXmEd7qvwqTcBaCACgU=&5L0=2bCPy0 Avira URL Cloud: Label: malware
Source: http://www.ilodezu.com/07pn/?5L0=2bCPy0&jTZPp=CkfhBQ0terXRm+kmFpR39GSw1qHfnjo/tEzZ3zV38o+ejGSQGyq9lQZrlkGU0XQ7mu5ow3wpwcVqSHGJiQ9hplKQ2SOdF7l7JcVc6ChkY2r17h/XM0ANapemWrr0lME50EL+8pQ= Avira URL Cloud: Label: malware
Source: http://www.ceo-retreats.co.uk/5s1a/?jTZPp=0jq67MNPRq4g2+jjEmEFgdmxU9xn3lZuU82S2yL3jkWaNmBkMCuTzs1oACp+jQZQfFcSAdfVUnty14PGpb+cvJdHxRsAacQFCcCRXvTpLBxg40F9NDu9hRQlsdpJQY/jGZexiU8=&5L0=2bCPy0 Avira URL Cloud: Label: malware
Source: vpachurch.org.uk Virustotal: Detection: 8%
Source: Purchase Order_20240528.exe Virustotal: Detection: 41%
Source: Purchase Order_20240528.exe ReversingLabs: Detection: 26%
Source: Yara match File source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: Purchase Order_20240528.exe Joe Sandbox ML: detected
Source: Purchase Order_20240528.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Purchase Order_20240528.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: nslookup.pdb source: Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001158000.00000004.00000020.00020000.00000000.sdmp, Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001170000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000124B000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538100125.000000000125D000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000125A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: nslookup.pdbGCTL source: Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001158000.00000004.00000020.00020000.00000000.sdmp, Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001170000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000124B000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538100125.000000000125D000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000125A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000000.2132913413.00000000003AE000.00000002.00000001.01000000.0000000D.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000000.2285918681.00000000003AE000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: wntdll.pdbUGP source: Purchase Order_20240528.exe, 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2213210353.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2209385108.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Purchase Order_20240528.exe, Purchase Order_20240528.exe, 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, nslookup.exe, 00000005.00000003.2213210353.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2209385108.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A6BD30 FindFirstFileW,FindNextFileW,FindClose, 5_2_02A6BD30
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 4x nop then jmp 06D16A72h 0_2_06D16172
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 4x nop then xor eax, eax 5_2_02A597F0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 4x nop then pop edi 5_2_02A622FB

Networking

Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49712 -> 3.33.130.190:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49713 -> 3.33.130.190:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49717 -> 212.227.172.254:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49718 -> 212.227.172.254:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49721 -> 199.59.243.225:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49722 -> 199.59.243.225:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49725 -> 46.30.215.104:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49726 -> 46.30.215.104:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49729 -> 92.205.15.157:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49730 -> 92.205.15.157:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49733 -> 76.223.67.189:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49734 -> 76.223.67.189:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49737 -> 216.40.34.41:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49738 -> 216.40.34.41:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49741 -> 203.161.43.227:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49742 -> 203.161.43.227:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49745 -> 185.229.21.229:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49746 -> 185.229.21.229:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49749 -> 178.63.50.103:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49750 -> 178.63.50.103:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49753 -> 108.179.192.228:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49754 -> 108.179.192.228:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49757 -> 149.88.84.60:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49758 -> 149.88.84.60:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49761 -> 3.33.130.190:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49762 -> 3.33.130.190:80
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Process created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"
Source: Joe Sandbox View IP Address: 76.223.67.189
Source: Joe Sandbox View ASN Name: AMAZON-02US
Source: Joe Sandbox View ASN Name: ONECOMDK
Source: Joe Sandbox View ASN Name: GD-EMEA-DC-SXB1DE
Source: Joe Sandbox View ASN Name: BODIS-NJUS
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: www.ilodezu.com
Source: global traffic DNS traffic detected: DNS query: www.vpachurch.org.uk
Source: global traffic DNS traffic detected: DNS query: www.shopnaya.fr
Source: global traffic DNS traffic detected: DNS query: www.dolcegusto-quiz.fun
Source: global traffic DNS traffic detected: DNS query: www.etrading.cloud
Source: global traffic DNS traffic detected: DNS query: www.ceo-retreats.co.uk
Source: global traffic DNS traffic detected: DNS query: www.mavonorm-global.uk
Source: global traffic DNS traffic detected: DNS query: www.adhdphotography.com
Source: global traffic DNS traffic detected: DNS query: www.allgiftedmalaysia.com
Source: global traffic DNS traffic detected: DNS query: www.shortput.top
Source: global traffic DNS traffic detected: DNS query: www.cuddle-paws.co.uk
Source: global traffic DNS traffic detected: DNS query: www.home-stroi0m.ru
Source: global traffic DNS traffic detected: DNS query: www.betopfloor.com
Source: global traffic DNS traffic detected: DNS query: www.bade.ink
Source: global traffic DNS traffic detected: DNS query: www.futurereadyteaming.com
Source: unknown HTTP traffic detected: POST /hx08/ HTTP/1.1 Host: www.vpachurch.org.uk Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Accept-Encoding: gzip, deflate, br Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 210 Origin: http://www.vpachurch.org.uk Referer: http://www.vpachurch.org.uk/hx08/ User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:16:27 GMTServer: ApacheContent-Length: 196Content-Type: text/html; charset=iso-8859-1X-Onecom-Cluster-Name: X-Varnish: 247437343Age: 0Via: 1.1 webcache2 (Varnish/trunk)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:16:29 GMTServer: ApacheContent-Length: 196Content-Type: text/html; charset=iso-8859-1X-Onecom-Cluster-Name: X-Varnish: 275448000Age: 0Via: 1.1 webcache2 (Varnish/trunk)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:16:32 GMTServer: ApacheContent-Length: 196Content-Type: text/html; charset=iso-8859-1X-Onecom-Cluster-Name: X-Varnish: 229319986Age: 0Via: 1.1 webcache2 (Varnish/trunk)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:16:34 GMTServer: ApacheContent-Length: 196Content-Type: text/html; charset=iso-8859-1X-Onecom-Cluster-Name: X-Varnish: 273023697Age: 0Via: 1.1 webcache2 (Varnish/trunk)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:16:40 GMTServer: ApacheX-Powered-By: PHP/8.1.28Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://mavonorm-global.uk/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 10723Content-Type: text/html; charset=UTF-8Data Raw: 13 32 df 14 91 9a f4 43 40 45 60 dc c4 c7 3a cf f7 ff 7b 53 fb 6f eb e7 eb 86 9c da 22 05 0c 68 b5 54 b9 4b 3a 4b 66 d9 d2 be ad c9 c9 c1 12 b6 d5 ca 42 0f f0 36 1a fd 9f bf ec 33 1c 58 c6 90 20 da 10 78 be 34 d1 6e 90 23 86 e3 7b 6f 55 fd 5f af 9f 7a cf 6b c1 ba 35 70 4e 6b 34 f6 91 3e 4a 03 bb 5c 75 0b de eb d7 af 5b 3c c8 66 cd 2c 01 66 81 11 93 c4 49 dc 32 b6 81 83 c4 41 4a 41 14 38 f6 63 98 d6 ec bf 76 fb 0d 22 a2 02 a2 36 ed bd 86 da f1 63 a5 dd 09 22 8e 24 0a 48 db 37 19 cb 92 3e bf bd cf c2 04 05 93 c8 26 78 bb 26 87 d5 ba f7 55 25 09 fa 62 66 ef 1e 43 75 f6 de 78 3e 2a c6 0e 12 1f 23 60 74 1d 70 0d 98 74 76 85 74 bf c0 c1 3e cc a2 90 ed 13 15 2a 76 b9 97 18 2e 6b 4a 01 d1 42 c7 a0 68 ab d2 1d 23 90 5b 2a dd 46 25 70 99 4f c9 a2 f4 27 dc e2 65 7a 71 50 97 63 60 8c d2 21 97 49 91 cf 64 11 99 f2 0b ec 9b 85 de 78 60 97 86 ba 3b 57 88 12 7e bd 02 9f 8c c3 9d dd 3e 78 d3 b5 fd 37 d8 e6 74 d5 a2 e9 1d ca eb d8 6a 5f ef 17 47 6c f8 4c cb e5 41 9d 4c 6f ec 81 f2 6a 27 3b 7e 4b 49 c5 ad 80 b8 99 d4 95 b8 74 c9 55 41 43 0a 2d 72 3f f8 5e eb 06 25 38 83 f6 de 0f f2 c8 91 ac 5e d6 8b 7f 35 4b 94 b8 10 af 3d 71 54 c8 4a 63 91 23 0e 4b 33 b6 0e aa d9 b7 f6 72 1e f4 c1 7c 6d 1f b5 f7 6d bf 73 50 c1 88 ea e5 ae cf b6 d3 06 6f eb 8a a7 e5 d3 d2 b1 f3 72 9d 91 a7 65 2f d9 d3 b2 69 36 9e 96 08 7e 84 a7 a5 48 18 67 d1 d3 32 93 97 4c 3e 2d 11 41 fa e2 51 81 da c4 fb 01 22 c8 9d 76 38 27 dd 69 f7 b2 d7 9d 76 df fd bb 97 3b 3d c2 1c 6d ad df 66 44 b5 e9 6b e5 a3 8a 34 f0 c9 c1 91 5b 9f 96 e7 81 36 d4 a9 a7 e5 57 17 88 91 53 da e2 53 a6 
a1 be fe 49 db 2a 65 09 8b d0 34 95 c1 f2 ee e6 d8 0a b8 66 68 0a 5a 07 cb 8e 52 2a ca 0f d5 0d dc 2d 83 9b 45 3a 7b c3 96 f4 12 e9 20 43 1c d1 e5 be 87 43 1d ea 49 6f af fb 77 f9 6a 6c bf ef f2 49 3b ef 0a 4d a4 7d bd 90 a9 e2 1e 02 fe e8 47 fd fb 36 c4 53 e9 b4 73 ad e9 1f bd b1 6a a7 99 d3 fe c1 eb 43 68 88 9c ad 31 d9 78 60 bb bd 86 1e 63 93 e5 36 8d c7 69 22 61 f3 90 11 4f 5e 43 33 19 f3 1d fc a5 6b 1f 72 c2 89 66 b5 ea 4f ca b1 a6 ad 82 c4 d1 ad be 03 4c 34 db b6 5d f7 49 5f 7c e8 09 27 5c 89 64 be a2 f4 cb 7f 6e 7b 1f c9 f7 d6 aa 6b a8 d9 4e 7b 39 79 c9 1f 95 57 e8 13 b6 00 ef 57 0a 13 5b 85 74 dd a9 1f 08 42 91 52 07 0d cf e4 be bd 7a 67 b7 26 5e 3d fd 6a 40 57 55 65 bf f8 e7 09 33 f9 ae 47 92 d7 6f 1d 7a 3c d6 ca 69 a4 49 c6 50 11 19 50 fd a4 e8 e9 d8 e4 51 fd 74 6c b6 db e8 e9 b8 d5 7c fb 74 94 9c 37 4f 47 99 aa 2c b4 1a 02 7d ee cd 75 e0 b7 37 a2 b8 41 7d 74 b3 55 7f 2f Data Ascii: 2C@E`:{So"hTK:KfB63X x4n#{oU_zk5pNk4>J\u[<f,f
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:16:42 GMT Server: Apache X-Powered-By: PHP/8.1.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mavonorm-global.uk/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: br Content-Length: 10723 Content-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:16:45 GMT Server: Apache X-Powered-By: PHP/8.1.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mavonorm-global.uk/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: br Content-Length: 10723 Content-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: 72662986-fa05-4e92-a665-bfcf77779dda x-runtime: 0.029467 content-length: 18254 connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: 238e2ff7-599a-4fd4-bb3d-a9cf08aa8df5 x-runtime: 0.056269 content-length: 18278 connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: a8a9b9cd-96f7-44b8-b236-0f9927f5c434 x-runtime: 0.033622 content-length: 19290 connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:17:20 GMT Server: Apache Content-Length: 38381 Connection: close Content-Type: text/html
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:17:23 GMT Server: Apache Content-Length: 38381 Connection: close Content-Type: text/html
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:17:25 GMT Server: Apache Content-Length: 38381 Connection: close Content-Type: text/html
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:17:28 GMT Server: Apache Content-Length: 38381 Connection: close Content-Type: text/html; charset=utf-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:17:34 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:17:36 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:17:39 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:17:41 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:18:02 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Sep 2022 09:59:43 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4677 Content-Type: text/html
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:18:04 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Sep 2022 09:59:43 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4677 Content-Type: text/html
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:18:07 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Sep 2022 09:59:43 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4677 Content-Type: text/html
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:18:09 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Sep 2022 09:59:43 GMT Accept-Ranges: bytes Content-Length: 11816 Vary: Accept-Encoding Content-Type: text/html
Source: nslookup.exe, 00000005.00000002.4540879237.0000000004F0C000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.00000000041BC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://code.jquery.com/jquery-3.3.1.min.js
Source: Purchase Order_20240528.exe String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: Purchase Order_20240528.exe String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: nslookup.exe, 00000005.00000002.4540879237.0000000004F0C000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.00000000041BC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://gmpg.org/xfn/11
Source: nslookup.exe, 00000005.00000002.4540879237.0000000004D7A000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.000000000402A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://home-stroi0m.ru/l7wc/?jTZPp=rG0gXsVcMKnwL95DCAGLkXtixogTaqlVvgNhyV5MOQBbV9UvRUrQqDi5YjTtkNY5n
Source: nslookup.exe, 00000005.00000002.4540879237.00000000045A0000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003850000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://mavonorm-global.uk/ia1k/?5L0=2bCPy0&jTZPp=N7K37PwQwyq8WtMjD63BMb0ZEyGwsNHc8DxE6cCELPJHzMSs3RH
Source: Purchase Order_20240528.exe String found in binary or memory: http://ocsp.comodoca.com0
Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4541673061.0000000004FA7000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.futurereadyteaming.com
Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4541673061.0000000004FA7000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.futurereadyteaming.com/d42u/
Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: nslookup.exe, 00000005.00000002.4540879237.0000000004A56000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003D06000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.2/TweenMax.min.js
Source: nslookup.exe, 00000005.00000002.4540879237.0000000004A56000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003D06000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css
Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: nslookup.exe, 00000005.00000002.4540879237.0000000004A56000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003D06000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://help.hover.com/home?source=expired
Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: nslookup.exe, 00000005.00000003.2406968840.0000000007B06000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2)
Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B40000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4534212709.0000000002B6D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: nslookup.exe, 00000005.00000002.4540879237.0000000004A56000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003D06000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/s.cdpn.io/16327/MorphSVGPlugin.min.js
Source: nslookup.exe, 00000005.00000002.4540879237.0000000004A56000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003D06000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/s.cdpn.io/16327/SplitText.min.js
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://twitter.com/hover
Source: Purchase Order_20240528.exe String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: nslookup.exe, 00000005.00000002.4540879237.000000000427C000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.000000000352C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/?source=expired
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/about?source=expired
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/domain_pricing?source=expired
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/domains/results
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/email?source=expired
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/privacy?source=expired
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/renew/domain/allgiftedmalaysia.com?source=expired
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/renew?source=expired
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/tools?source=expired
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/tos?source=expired
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/transfer_in?source=expired
Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.instagram.com/hover_domains
Source: nslookup.exe, 00000005.00000002.4540879237.0000000003F58000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003208000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.shopnaya.fr/9rbi/?5L0=2bCPy0&jTZPp=UlNdZMK3GDRCBA0gS3f3uv0iXo

E-Banking Fraud

Source: Yara match File source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0.2.Purchase Order_20240528.exe.2815b80.0.raw.unpack, .cs Large array initialization: : array initializer size 27104
Source: 0.2.Purchase Order_20240528.exe.5280000.6.raw.unpack, .cs Large array initialization: : array initializer size 27104
Source: initial sample Static PE information: Filename: Purchase Order_20240528.exe
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622B60 NtClose,LdrInitializeThunk, 3_2_01622B60
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622DF0 NtQuerySystemInformation,LdrInitializeThunk, 3_2_01622DF0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622C70 NtFreeVirtualMemory,LdrInitializeThunk, 3_2_01622C70
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016235C0 NtCreateMutant,LdrInitializeThunk, 3_2_016235C0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01624340 NtSetContextThread, 3_2_01624340
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01624650 NtSuspendThread, 3_2_01624650
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622BE0 NtQueryValueKey, 3_2_01622BE0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622BF0 NtAllocateVirtualMemory, 3_2_01622BF0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622BA0 NtEnumerateValueKey, 3_2_01622BA0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622B80 NtQueryInformationFile, 3_2_01622B80
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622AF0 NtWriteFile, 3_2_01622AF0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622AD0 NtReadFile, 3_2_01622AD0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622AB0 NtWaitForSingleObject, 3_2_01622AB0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622D30 NtUnmapViewOfSection, 3_2_01622D30
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622D00 NtSetInformationFile, 3_2_01622D00
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622D10 NtMapViewOfSection, 3_2_01622D10
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622DD0 NtDelayExecution, 3_2_01622DD0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622DB0 NtEnumerateKey, 3_2_01622DB0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622C60 NtCreateKey, 3_2_01622C60
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622C00 NtQueryInformationProcess, 3_2_01622C00
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622CF0 NtOpenProcess, 3_2_01622CF0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622CC0 NtQueryVirtualMemory, 3_2_01622CC0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622CA0 NtQueryInformationToken, 3_2_01622CA0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622F60 NtCreateProcessEx, 3_2_01622F60
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622F30 NtCreateSection, 3_2_01622F30
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622FE0 NtCreateFile, 3_2_01622FE0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622FA0 NtQuerySection, 3_2_01622FA0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622FB0 NtResumeThread, 3_2_01622FB0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622F90 NtProtectVirtualMemory, 3_2_01622F90
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622E30 NtWriteVirtualMemory, 3_2_01622E30
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622EE0 NtQueueApcThread, 3_2_01622EE0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622EA0 NtAdjustPrivilegesToken, 3_2_01622EA0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622E80 NtReadVirtualMemory, 3_2_01622E80
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01623010 NtOpenDirectoryObject, 3_2_01623010
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01623090 NtSetValueKey, 3_2_01623090
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016239B0 NtGetContextThread, 3_2_016239B0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01623D70 NtOpenThread, 3_2_01623D70
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01623D10 NtOpenProcessToken, 3_2_01623D10
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0042B543 NtClose, 3_2_0042B543
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F4340 NtSetContextThread,LdrInitializeThunk, 5_2_031F4340
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F4650 NtSuspendThread,LdrInitializeThunk, 5_2_031F4650
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2B60 NtClose,LdrInitializeThunk, 5_2_031F2B60
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2AD0 NtReadFile,LdrInitializeThunk, 5_2_031F2AD0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2AF0 NtWriteFile,LdrInitializeThunk, 5_2_031F2AF0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2F30 NtCreateSection,LdrInitializeThunk, 5_2_031F2F30
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2FB0 NtResumeThread,LdrInitializeThunk, 5_2_031F2FB0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2FE0 NtCreateFile,LdrInitializeThunk, 5_2_031F2FE0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2EE0 NtQueueApcThread,LdrInitializeThunk, 5_2_031F2EE0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2D10 NtMapViewOfSection,LdrInitializeThunk, 5_2_031F2D10
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2D30 NtUnmapViewOfSection,LdrInitializeThunk, 5_2_031F2D30
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2DD0 NtDelayExecution,LdrInitializeThunk, 5_2_031F2DD0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2DF0 NtQuerySystemInformation,LdrInitializeThunk, 5_2_031F2DF0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2C70 NtFreeVirtualMemory,LdrInitializeThunk, 5_2_031F2C70
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2C60 NtCreateKey,LdrInitializeThunk, 5_2_031F2C60
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2CA0 NtQueryInformationToken,LdrInitializeThunk, 5_2_031F2CA0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F35C0 NtCreateMutant,LdrInitializeThunk, 5_2_031F35C0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F39B0 NtGetContextThread,LdrInitializeThunk, 5_2_031F39B0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2B80 NtQueryInformationFile, 5_2_031F2B80
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2BA0 NtEnumerateValueKey, 5_2_031F2BA0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2BF0 NtAllocateVirtualMemory, 5_2_031F2BF0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2BE0 NtQueryValueKey, 5_2_031F2BE0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2AB0 NtWaitForSingleObject, 5_2_031F2AB0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2F60 NtCreateProcessEx, 5_2_031F2F60
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2F90 NtProtectVirtualMemory, 5_2_031F2F90
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2FA0 NtQuerySection, 5_2_031F2FA0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2E30 NtWriteVirtualMemory, 5_2_031F2E30
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2E80 NtReadVirtualMemory, 5_2_031F2E80
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2EA0 NtAdjustPrivilegesToken, 5_2_031F2EA0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2D00 NtSetInformationFile, 5_2_031F2D00
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2DB0 NtEnumerateKey, 5_2_031F2DB0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2C00 NtQueryInformationProcess, 5_2_031F2C00
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2CC0 NtQueryVirtualMemory, 5_2_031F2CC0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2CF0 NtOpenProcess, 5_2_031F2CF0
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F3010 NtOpenDirectoryObject, 5_2_031F3010
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F3090 NtSetValueKey, 5_2_031F3090
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F3D10 NtOpenProcessToken, 5_2_031F3D10
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F3D70 NtOpenThread, 5_2_031F3D70
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A77E60 NtDeleteFile, 5_2_02A77E60
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A77F00 NtClose, 5_2_02A77F00
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A77C10 NtCreateFile, 5_2_02A77C10
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A77D70 NtReadFile, 5_2_02A77D70
Source: C:\Windows\SysWOW64\nslookup.exe Code function: String function: 0323F290 appears 105 times
Source: C:\Windows\SysWOW64\nslookup.exe Code function: String function: 031AB970 appears 280 times
Source: C:\Windows\SysWOW64\nslookup.exe Code function: String function: 03207E54 appears 111 times
Source: C:\Windows\SysWOW64\nslookup.exe Code function: String function: 0322EA12 appears 86 times
Source: C:\Windows\SysWOW64\nslookup.exe Code function: String function: 031F5130 appears 58 times
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: String function: 0165EA12 appears 86 times
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: String function: 0166F290 appears 105 times
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: String function: 015DB970 appears 280 times
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: String function: 01625130 appears 58 times
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: String function: 01637E54 appears 111 times
Source: Purchase Order_20240528.exe Static PE information: invalid certificate
Source: Purchase Order_20240528.exe, 00000000.00000002.2087413581.0000000005280000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Purchase Order_20240528.exe
Source: Purchase Order_20240528.exe, 00000000.00000002.2084141939.00000000009FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Purchase Order_20240528.exe
Source: Purchase Order_20240528.exe, 00000000.00000002.2085247193.0000000002805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Purchase Order_20240528.exe
Source: Purchase Order_20240528.exe, 00000000.00000002.2088150699.0000000006C70000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Purchase Order_20240528.exe
Source: Purchase Order_20240528.exe, 00000000.00000000.2065405784.00000000004A0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameromN.exe" vs Purchase Order_20240528.exe
Source: Purchase Order_20240528.exe, 00000000.00000002.2085740892.000000000398E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Purchase Order_20240528.exe
Source: Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001189000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenslookup.exej% vs Purchase Order_20240528.exe
Source: Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001170000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenslookup.exej% vs Purchase Order_20240528.exe
Source: Purchase Order_20240528.exe, 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order_20240528.exe
Source: Purchase Order_20240528.exe Binary or memory string: OriginalFilenameromN.exe" vs Purchase Order_20240528.exe
Source: Purchase Order_20240528.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Purchase Order_20240528.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.Purchase Order_20240528.exe.6c70000.9.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: _0020.SetAccessControl
Source: 0.2.Purchase Order_20240528.exe.6c70000.9.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Purchase Order_20240528.exe.6c70000.9.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: _0020.AddAccessRule
Source: 0.2.Purchase Order_20240528.exe.6c70000.9.raw.unpack, wHVIVE5avXWDL9RIrc.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, wHVIVE5avXWDL9RIrc.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Purchase Order_20240528.exe.3b30c80.5.raw.unpack, wHVIVE5avXWDL9RIrc.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Purchase Order_20240528.exe.3b30c80.5.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: _0020.SetAccessControl
Source: 0.2.Purchase Order_20240528.exe.3b30c80.5.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Purchase Order_20240528.exe.3b30c80.5.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: _0020.AddAccessRule
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: _0020.SetAccessControl
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: _0020.AddAccessRule
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@15/13
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order_20240528.exe.log
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Mutant created: NULL
Source: C:\Windows\SysWOW64\nslookup.exe File created: C:\Users\user\AppData\Local\Temp\7--93mK-
Source: Purchase Order_20240528.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: nslookup.exe, 00000005.00000003.2409548605.0000000002BE2000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2409548605.0000000002BAF000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4534212709.0000000002BE2000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4534212709.0000000002BAF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: Purchase Order_20240528.exe Virustotal: Detection: 41%
Source: Purchase Order_20240528.exe ReversingLabs: Detection: 26%
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe File read: C:\Users\user\Desktop\Purchase Order_20240528.exe:Zone.Identifier
Source: unknown Process created: C:\Users\user\Desktop\Purchase Order_20240528.exe "C:\Users\user\Desktop\Purchase Order_20240528.exe"
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Process created: C:\Users\user\Desktop\Purchase Order_20240528.exe "C:\Users\user\Desktop\Purchase Order_20240528.exe"
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Process created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"
Source: C:\Windows\SysWOW64\nslookup.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: windowscodecs.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: ieframe.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: mlang.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: winsqlite3.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: vaultcli.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Windows\SysWOW64\nslookup.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
Source: Purchase Order_20240528.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Purchase Order_20240528.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: nslookup.pdb source: Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001158000.00000004.00000020.00020000.00000000.sdmp, Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001170000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000124B000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538100125.000000000125D000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000125A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: nslookup.pdbGCTL source: Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001158000.00000004.00000020.00020000.00000000.sdmp, Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001170000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000124B000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538100125.000000000125D000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000125A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000000.2132913413.00000000003AE000.00000002.00000001.01000000.0000000D.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000000.2285918681.00000000003AE000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: wntdll.pdbUGP source: Purchase Order_20240528.exe, 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2213210353.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2209385108.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Purchase Order_20240528.exe, Purchase Order_20240528.exe, 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, nslookup.exe, 00000005.00000003.2213210353.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2209385108.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp

Data Obfuscation

Source: Purchase Order_20240528.exe, Form1.cs .Net Code: InitializeComponent
Source: 0.2.Purchase Order_20240528.exe.6c70000.9.raw.unpack, ckGhAYrCCcn6NHSKya.cs .Net Code: ojexD5sK3l System.Reflection.Assembly.Load(byte[])
Source: 0.2.Purchase Order_20240528.exe.3b30c80.5.raw.unpack, ckGhAYrCCcn6NHSKya.cs .Net Code: ojexD5sK3l System.Reflection.Assembly.Load(byte[])
Source: 0.2.Purchase Order_20240528.exe.2815b80.0.raw.unpack, .cs .Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.Purchase Order_20240528.exe.5280000.6.raw.unpack, .cs .Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, ckGhAYrCCcn6NHSKya.cs .Net Code: ojexD5sK3l System.Reflection.Assembly.Load(byte[])
Source: 5.2.nslookup.exe.384cd08.2.raw.unpack, Form1.cs .Net Code: InitializeComponent
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 0_2_00E1CCB1 push 3800EABBh; retf 0_2_00E1CCBD
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 0_2_00E19235 push ss; retf 0_2_00E19236
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015B225F pushad ; ret 3_2_015B27F9
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015B27FA pushad ; ret 3_2_015B27F9
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E09AD push ecx; mov dword ptr [esp], ecx 3_2_015E09B6
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015B283D push eax; iretd 3_2_015B2858
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00418367 push ss; retf 3_2_00418372
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00418311 push ss; retf 3_2_00418372
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00414446 pushfd ; ret 3_2_00414454
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_004087A1 push esp; iretd 3_2_004087C4
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0041A96D pushad ; retf 3_2_0041A96E
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0041CC98 push ebx; retf 3_2_0041CCBB
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0040CE71 push edx; iretd 3_2_0040CE7B
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0040D5FC push ds; iretd 3_2_0040D60B
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0040D641 push ds; iretd 3_2_0040D60B
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0040D85E push 6594F3BCh; retf 3_2_0040D865
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00407A78 push FFFFFFB4h; ret 3_2_00407A7C
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00413C15 push ecx; retf 4E5Bh 3_2_00413C31
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00423D63 push eax; iretd 3_2_00423DB0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00417F65 push esp; retf 3_2_00417F8A
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00425F03 push ebx; iretd 3_2_00425FF9
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_0318225F pushad ; ret 5_2_031827F9
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031827FA pushad ; ret 5_2_031827F9
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031B09AD push ecx; mov dword ptr [esp], ecx 5_2_031B09B6
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_0318283D push eax; iretd 5_2_03182858
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_0318135E push eax; iretd 5_2_03181369
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A70720 push eax; iretd 5_2_02A7076D
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A70712 push eax; iretd 5_2_02A7076D
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A54435 push FFFFFFB4h; ret 5_2_02A54439
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A605D2 push ecx; retf 4E5Bh 5_2_02A605EE
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A728C0 push ebx; iretd 5_2_02A729B6
Source: Purchase Order_20240528.exe Static PE information: section name: .text entropy: 7.971095603069869
Source: 0.2.Purchase Order_20240528.exe.6c70000.9.raw.unpack, 0.2.Purchase Order_20240528.exe.3b30c80.5.raw.unpack, 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack High entropy of concatenated method names
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, laNNGDaa1A73ahvoq9.cs High entropy of concatenated method names: 'Tngi2bujNT', 'UYyiX1pN4y', 'xlpiZPMgm2', 'Nd2Zj5TyLS', 'P83ZzaJVus', 'tWViSX6PED', 'hZDiThh6oo', 'q6jiApOBay', 'mXxi7skXll', 'Cw4ixGdjHq'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, IgDTacu5vQcOrwm4pA.cs High entropy of concatenated method names: 'By5cHafBZn', 'BYWc3BU4Jp', 'hCmcuFlieL', 'k7dc0YNPnJ', 'FFucOVSpym', 'OsxceYfQDF', 'tG2cMVjPWl', 'zGtcK4pVe0', 'qVOcC2ih7K', 'HiDcaJNRj4'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, wHVIVE5avXWDL9RIrc.cs High entropy of concatenated method names: 'jJ7QuofcSb', 'JElQ0bT2qn', 'XKdQWYEJjx', 'tlMQnvkSY0', 'hilQdyx0xe', 'Q5mQwdNfAZ', 'FPJQpWcqiZ', 'LJnQ9Ome36', 'zbBQFAsvSU', 'UPcQjOB6tQ'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, ckGhAYrCCcn6NHSKya.cs High entropy of concatenated method names: 'x0j7tPfKNs', 'IZ37252hkO', 'p8x7QZuY2c', 'nbZ7XgilOd', 'XE57LByv20', 'eC77ZBF7QY', 'Q797iGCl3d', 'J8J7r1IMEJ', 'cik7VB9dUZ', 'ldS7hopjkh'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, kGeWP0jdqfW8t05Vsr.cs High entropy of concatenated method names: 'FStbT9GNgj', 'RPhb71LGr7', 'CYjbxTSNbX', 'bIhb2oPFdX', 'i6NbQK1hrg', 'xrlbLIxekp', 'xxEbZyQnQN', 'vZwBp0HWVG', 'KsWB999MVK', 'UOGBFSO6O4'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, BJ8mg0mwEhLKlijblM.cs High entropy of concatenated method names: 'CCJXyCqyWO', 'JZxXYqvk4L', 'Tl3X5Yecl3', 'A2hXmpabPd', 'jboXcQ7Qtd', 'PGgXRBp0fr', 'RXKXoJENXQ', 'XkjXBO08DQ', 'SnjXbHihhX', 'MHmXUrsUHf'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, Iyxd2hT7F3ceptmnRAC.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'drdUuWJGuj', 'dXbU010c2F', 'mGjUWBGWIJ', 'riYUn4Igdo', 'Sf8UdsPiGp', 'nv0UwcTPEK', 'B4AUppYnf2'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, EfqCIiA0MeMcoJJOWE.cs High entropy of concatenated method names: 'hsXD5tUFk', 'moyy5S3Op', 'k9OYeYW3m', 'sgTqp7oEM', 'mrYmWiXem', 'sVZs0bPMj', 'Js3y0EPUeOE376E1pa', 'yvFAAkj79OxgWmTodd', 'gXpBo7Kq7', 'AjkUVRCG2'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, RCafVKzvRZCyLPbNSs.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'auTbkfeDes', 'IjUbcwHDOw', 'wkibReHduc', 'Mtiboe8j25', 'jc8bBIR3jR', 'rY1bbrfjEH', 'fApbUemK8c'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, nhx42kgPpNDJ8ldnY6.cs High entropy of concatenated method names: 'GaAZtDeP5u', 'Qo7ZQmuUBI', 'ePBZLLNebC', 'A24Zi1jxST', 'q6mZrNDXO2', 'OAWLdTnkGR', 'Cp9LwrdoTO', 'PfpLpyWI5f', 'jTtL9hxZK3', 'snZLF8nDFb'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, iKlnrXfiLbCbH1pXku.cs High entropy of concatenated method names: 'EJii1mSEXC', 'mnEivSCd35', 'sqkiDPiwC4', 'XRliySg4ia', 'uZyi6fqKBM', 'JJJiYUTC30', 'OjWiqKxHNW', 'I2Ii52LgIg', 'DntimFcKcU', 'kPtisiUIRT'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, Fi83WJCdaDIbw1hFZY.cs High entropy of concatenated method names: 'bYmZW71mkX', 'WqyZnNReMA', 'hWGZd9PcVl', 'ToString', 'G37Zw6cFoS', 'hs5ZphOpXQ', 'ICjx2BcDxLgkTiCAhMu', 'M3G3QXcpbT03f4AVbQt'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, KfZZI5xi9gi0wyGNgg.cs High entropy of concatenated method names: 'MnITiHVIVE', 'LvXTrWDL9R', 'SwEThhLKli', 'YblT4MaBJh', 'l9qTcRF4hx', 'm2kTRPpNDJ', 'lJx89bLSfdSh6Q4T6b', 'c9wEinkhQBn1u8f69Y', 'Jb8TT0E4x9', 'mA6T7MNFvS'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, FDnQ1GTSbdEiBe64ky8.cs High entropy of concatenated method names: 'ioXb1182pg', 'JubbvNfJoE', 'OavbDwEwg3', 'l7Yby9LLBY', 'vunb6WkSiC', 'C5qbYH6se9', 'xSubqhLrqQ', 'oxHb5bMTYp', 'upDbmGNHCa', 'GiNbsF2GIk'
Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, cMZvlL9lXfkaw37YrG.cs High entropy of concatenated method names: 'tFrB2Ae0yg', 'WmSBQeL5cY', 'zdQBXMpD4M', 'rVOBL6qors', 'NXBBZEyw8E', 'UWLBiUlZ3X', 'PcCBrEiRp1', 'xcuBVrrO25', 'eFjBhi9Qpd', 'tumB4NOYoK'
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\nslookup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: Yara match File source: Process Memory Space: Purchase Order_20240528.exe PID: 1764, type: MEMORYSTR
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: E10000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: 27B0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: 47B0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: 8A80000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: 74C0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: 9A80000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: AA80000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0162096E rdtsc 3_2_0162096E
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\nslookup.exe Window / User API: threadDelayed 9826
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe API coverage: 0.6 %
Source: C:\Windows\SysWOW64\nslookup.exe API coverage: 2.3 %
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe TID: 4032 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\nslookup.exe TID: 1816 Thread sleep count: 147 > 30
Source: C:\Windows\SysWOW64\nslookup.exe TID: 1816 Thread sleep time: -294000s >= -30000s
Source: C:\Windows\SysWOW64\nslookup.exe TID: 1816 Thread sleep count: 9826 > 30
Source: C:\Windows\SysWOW64\nslookup.exe TID: 1816 Thread sleep time: -19652000s >= -30000s
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe TID: 2664 Thread sleep time: -75000s >= -30000s
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe TID: 2664 Thread sleep count: 39 > 30
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe TID: 2664 Thread sleep time: -58500s >= -30000s
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe TID: 2664 Thread sleep count: 41 > 30
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe TID: 2664 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\SysWOW64\nslookup.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A6BD30 FindFirstFileW,FindNextFileW,FindClose, 5_2_02A6BD30
Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: 7--93mK-.5.dr Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
Source: 7--93mK-.5.dr Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: 7--93mK-.5.dr Binary or memory string: discord.comVMware20,11696487552f
Source: 7--93mK-.5.dr Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696487552#
Source: 7--93mK-.5.dr Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: 7--93mK-.5.dr Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: 7--93mK-.5.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: 7--93mK-.5.dr Binary or memory string: global block list test formVMware20,11696487552
Source: 7--93mK-.5.dr Binary or memory string: tasks.office.comVMware20,11696487552o
Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: e365.comVMware20,11696487552t
Source: 7--93mK-.5.dr Binary or memory string: AMC password management pageVMware20,11696487552
Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B2F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 7--93mK-.5.dr Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: 7--93mK-.5.dr Binary or memory string: dev.azure.comVMware20,11696487552j
Source: 7--93mK-.5.dr Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: 7--93mK-.5.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: 7--93mK-.5.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: 7--93mK-.5.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: x.intuit.comVMware20,11696487552t
Source: 7--93mK-.5.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: 7--93mK-.5.dr Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: 7--93mK-.5.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,1_
Source: 7--93mK-.5.dr Binary or memory string: outlook.office.comVMware20,11696487552s
Source: 7--93mK-.5.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: 7--93mK-.5.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: 7--93mK-.5.dr Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: tportal.hdfcbank.comVMware20,11696487552
Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4538062090.0000000000B2F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll@
Source: 7--93mK-.5.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: firefox.exe, 00000009.00000002.2514682215.000001F10F10F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllHH
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Process queried: DebugPort
Source: C:\Windows\SysWOW64\nslookup.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0162096E rdtsc 3_2_0162096E
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622B60 NtClose,LdrInitializeThunk, 3_2_01622B60
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E6154 mov eax, dword ptr fs:[00000030h] 3_2_015E6154
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DC156 mov eax, dword ptr fs:[00000030h] 3_2_015DC156
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B4164 mov eax, dword ptr fs:[00000030h] 3_2_016B4164
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01674144 mov eax, dword ptr fs:[00000030h] 3_2_01674144
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01674144 mov ecx, dword ptr fs:[00000030h] 3_2_01674144
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01678158 mov eax, dword ptr fs:[00000030h] 3_2_01678158
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01610124 mov eax, dword ptr fs:[00000030h] 3_2_01610124
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0168E10E mov eax, dword ptr fs:[00000030h] 3_2_0168E10E
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0168E10E mov ecx, dword ptr fs:[00000030h] 3_2_0168E10E
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0168A118 mov ecx, dword ptr fs:[00000030h] 3_2_0168A118
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0168A118 mov eax, dword ptr fs:[00000030h] 3_2_0168A118
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016A0115 mov eax, dword ptr fs:[00000030h] 3_2_016A0115
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B61E5 mov eax, dword ptr fs:[00000030h] 3_2_016B61E5
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016101F8 mov eax, dword ptr fs:[00000030h] 3_2_016101F8
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016A61C3 mov eax, dword ptr fs:[00000030h] 3_2_016A61C3
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0165E1D0 mov eax, dword ptr fs:[00000030h] 3_2_0165E1D0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0165E1D0 mov ecx, dword ptr fs:[00000030h] 3_2_0165E1D0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DA197 mov eax, dword ptr fs:[00000030h] 3_2_015DA197
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0169C188 mov eax, dword ptr fs:[00000030h] 3_2_0169C188
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01620185 mov eax, dword ptr fs:[00000030h] 3_2_01620185
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01684180 mov eax, dword ptr fs:[00000030h] 3_2_01684180
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0166019F mov eax, dword ptr fs:[00000030h] 3_2_0166019F
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E2050 mov eax, dword ptr fs:[00000030h] 3_2_015E2050
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160C073 mov eax, dword ptr fs:[00000030h] 3_2_0160C073
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01666050 mov eax, dword ptr fs:[00000030h] 3_2_01666050
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015FE016 mov eax, dword ptr fs:[00000030h] 3_2_015FE016
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01676030 mov eax, dword ptr fs:[00000030h] 3_2_01676030
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01664000 mov ecx, dword ptr fs:[00000030h] 3_2_01664000
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01682000 mov eax, dword ptr fs:[00000030h] 3_2_01682000
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DA020 mov eax, dword ptr fs:[00000030h] 3_2_015DA020
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DC020 mov eax, dword ptr fs:[00000030h] 3_2_015DC020
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016660E0 mov eax, dword ptr fs:[00000030h] 3_2_016660E0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016220F0 mov ecx, dword ptr fs:[00000030h] 3_2_016220F0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DC0F0 mov eax, dword ptr fs:[00000030h] 3_2_015DC0F0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E80E9 mov eax, dword ptr fs:[00000030h] 3_2_015E80E9
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016620DE mov eax, dword ptr fs:[00000030h] 3_2_016620DE
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DA0E3 mov ecx, dword ptr fs:[00000030h] 3_2_015DA0E3
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016780A8 mov eax, dword ptr fs:[00000030h] 3_2_016780A8
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016A60B8 mov eax, dword ptr fs:[00000030h] 3_2_016A60B8
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016A60B8 mov ecx, dword ptr fs:[00000030h] 3_2_016A60B8
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E208A mov eax, dword ptr fs:[00000030h] 3_2_015E208A
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015D80A0 mov eax, dword ptr fs:[00000030h] 3_2_015D80A0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0168437C mov eax, dword ptr fs:[00000030h] 3_2_0168437C
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B634F mov eax, dword ptr fs:[00000030h] 3_2_016B634F
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01662349 mov eax, dword ptr fs:[00000030h] 3_2_01662349
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016AA352 mov eax, dword ptr fs:[00000030h] 3_2_016AA352
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01688350 mov ecx, dword ptr fs:[00000030h] 3_2_01688350
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0166035C mov eax, dword ptr fs:[00000030h] 3_2_0166035C
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0166035C mov eax, dword ptr fs:[00000030h] 3_2_0166035C
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0166035C mov eax, dword ptr fs:[00000030h] 3_2_0166035C
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0166035C mov ecx, dword ptr fs:[00000030h] 3_2_0166035C
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0166035C mov eax, dword ptr fs:[00000030h] 3_2_0166035C
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0166035C mov eax, dword ptr fs:[00000030h] 3_2_0166035C
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DC310 mov ecx, dword ptr fs:[00000030h] 3_2_015DC310
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B8324 mov eax, dword ptr fs:[00000030h] 3_2_016B8324
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B8324 mov ecx, dword ptr fs:[00000030h] 3_2_016B8324
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B8324 mov eax, dword ptr fs:[00000030h] 3_2_016B8324
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B8324 mov eax, dword ptr fs:[00000030h] 3_2_016B8324
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161A30B mov eax, dword ptr fs:[00000030h] 3_2_0161A30B
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161A30B mov eax, dword ptr fs:[00000030h] 3_2_0161A30B
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161A30B mov eax, dword ptr fs:[00000030h] 3_2_0161A30B
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01600310 mov ecx, dword ptr fs:[00000030h] 3_2_01600310
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E83C0 mov eax, dword ptr fs:[00000030h] 3_2_015E83C0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E83C0 mov eax, dword ptr fs:[00000030h] 3_2_015E83C0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E83C0 mov eax, dword ptr fs:[00000030h] 3_2_015E83C0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E83C0 mov eax, dword ptr fs:[00000030h] 3_2_015E83C0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015EA3C0 mov eax, dword ptr fs:[00000030h] 3_2_015EA3C0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015EA3C0 mov eax, dword ptr fs:[00000030h] 3_2_015EA3C0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015EA3C0 mov eax, dword ptr fs:[00000030h] 3_2_015EA3C0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015EA3C0 mov eax, dword ptr fs:[00000030h] 3_2_015EA3C0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015EA3C0 mov eax, dword ptr fs:[00000030h] 3_2_015EA3C0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015EA3C0 mov eax, dword ptr fs:[00000030h] 3_2_015EA3C0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016163FF mov eax, dword ptr fs:[00000030h] 3_2_016163FF
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0169C3CD mov eax, dword ptr fs:[00000030h] 3_2_0169C3CD
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016663C0 mov eax, dword ptr fs:[00000030h] 3_2_016663C0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015FE3F0 mov eax, dword ptr fs:[00000030h] 3_2_015FE3F0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015FE3F0 mov eax, dword ptr fs:[00000030h] 3_2_015FE3F0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015FE3F0 mov eax, dword ptr fs:[00000030h] 3_2_015FE3F0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0168E3DB mov eax, dword ptr fs:[00000030h] 3_2_0168E3DB
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0168E3DB mov eax, dword ptr fs:[00000030h] 3_2_0168E3DB
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0168E3DB mov ecx, dword ptr fs:[00000030h] 3_2_0168E3DB
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0168E3DB mov eax, dword ptr fs:[00000030h] 3_2_0168E3DB
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F03E9 mov eax, dword ptr fs:[00000030h] 3_2_015F03E9
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F03E9 mov eax, dword ptr fs:[00000030h] 3_2_015F03E9
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F03E9 mov eax, dword ptr fs:[00000030h] 3_2_015F03E9
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F03E9 mov eax, dword ptr fs:[00000030h] 3_2_015F03E9
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F03E9 mov eax, dword ptr fs:[00000030h] 3_2_015F03E9
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F03E9 mov eax, dword ptr fs:[00000030h] 3_2_015F03E9
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F03E9 mov eax, dword ptr fs:[00000030h] 3_2_015F03E9
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F03E9 mov eax, dword ptr fs:[00000030h] 3_2_015F03E9
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016843D4 mov eax, dword ptr fs:[00000030h] 3_2_016843D4
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016843D4 mov eax, dword ptr fs:[00000030h] 3_2_016843D4
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015D8397 mov eax, dword ptr fs:[00000030h] 3_2_015D8397
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015D8397 mov eax, dword ptr fs:[00000030h] 3_2_015D8397
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015D8397 mov eax, dword ptr fs:[00000030h] 3_2_015D8397
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DE388 mov eax, dword ptr fs:[00000030h] 3_2_015DE388
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DE388 mov eax, dword ptr fs:[00000030h] 3_2_015DE388
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DE388 mov eax, dword ptr fs:[00000030h] 3_2_015DE388
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160438F mov eax, dword ptr fs:[00000030h] 3_2_0160438F
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160438F mov eax, dword ptr fs:[00000030h] 3_2_0160438F
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E6259 mov eax, dword ptr fs:[00000030h] 3_2_015E6259
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DA250 mov eax, dword ptr fs:[00000030h] 3_2_015DA250
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01690274 mov eax, dword ptr fs:[00000030h] 3_2_01690274
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01690274 mov eax, dword ptr fs:[00000030h] 3_2_01690274
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01690274 mov eax, dword ptr fs:[00000030h] 3_2_01690274
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01690274 mov eax, dword ptr fs:[00000030h] 3_2_01690274
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01690274 mov eax, dword ptr fs:[00000030h] 3_2_01690274
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01690274 mov eax, dword ptr fs:[00000030h] 3_2_01690274
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01690274 mov eax, dword ptr fs:[00000030h] 3_2_01690274
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01690274 mov eax, dword ptr fs:[00000030h] 3_2_01690274
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01690274 mov eax, dword ptr fs:[00000030h] 3_2_01690274
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01690274 mov eax, dword ptr fs:[00000030h] 3_2_01690274
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01690274 mov eax, dword ptr fs:[00000030h] 3_2_01690274
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01690274 mov eax, dword ptr fs:[00000030h] 3_2_01690274
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01668243 mov eax, dword ptr fs:[00000030h] 3_2_01668243
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01668243 mov ecx, dword ptr fs:[00000030h] 3_2_01668243
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015D826B mov eax, dword ptr fs:[00000030h] 3_2_015D826B
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B625D mov eax, dword ptr fs:[00000030h] 3_2_016B625D
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0169A250 mov eax, dword ptr fs:[00000030h] 3_2_0169A250
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0169A250 mov eax, dword ptr fs:[00000030h] 3_2_0169A250
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E4260 mov eax, dword ptr fs:[00000030h] 3_2_015E4260
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E4260 mov eax, dword ptr fs:[00000030h] 3_2_015E4260
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E4260 mov eax, dword ptr fs:[00000030h] 3_2_015E4260
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015D823B mov eax, dword ptr fs:[00000030h] 3_2_015D823B
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015EA2C3 mov eax, dword ptr fs:[00000030h] 3_2_015EA2C3
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015EA2C3 mov eax, dword ptr fs:[00000030h] 3_2_015EA2C3
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015EA2C3 mov eax, dword ptr fs:[00000030h] 3_2_015EA2C3
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015EA2C3 mov eax, dword ptr fs:[00000030h] 3_2_015EA2C3
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015EA2C3 mov eax, dword ptr fs:[00000030h] 3_2_015EA2C3
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B62D6 mov eax, dword ptr fs:[00000030h] 3_2_016B62D6
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F02E1 mov eax, dword ptr fs:[00000030h] 3_2_015F02E1
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F02E1 mov eax, dword ptr fs:[00000030h] 3_2_015F02E1
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F02E1 mov eax, dword ptr fs:[00000030h] 3_2_015F02E1
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016762A0 mov eax, dword ptr fs:[00000030h] 3_2_016762A0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016762A0 mov ecx, dword ptr fs:[00000030h] 3_2_016762A0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016762A0 mov eax, dword ptr fs:[00000030h] 3_2_016762A0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016762A0 mov eax, dword ptr fs:[00000030h] 3_2_016762A0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016762A0 mov eax, dword ptr fs:[00000030h] 3_2_016762A0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016762A0 mov eax, dword ptr fs:[00000030h] 3_2_016762A0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01660283 mov eax, dword ptr fs:[00000030h] 3_2_01660283
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01660283 mov eax, dword ptr fs:[00000030h] 3_2_01660283
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01660283 mov eax, dword ptr fs:[00000030h] 3_2_01660283
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161E284 mov eax, dword ptr fs:[00000030h] 3_2_0161E284
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161E284 mov eax, dword ptr fs:[00000030h] 3_2_0161E284
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F02A0 mov eax, dword ptr fs:[00000030h] 3_2_015F02A0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F02A0 mov eax, dword ptr fs:[00000030h] 3_2_015F02A0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161656A mov eax, dword ptr fs:[00000030h] 3_2_0161656A
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161656A mov eax, dword ptr fs:[00000030h] 3_2_0161656A
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161656A mov eax, dword ptr fs:[00000030h] 3_2_0161656A
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E8550 mov eax, dword ptr fs:[00000030h] 3_2_015E8550
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E8550 mov eax, dword ptr fs:[00000030h] 3_2_015E8550
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160E53E mov eax, dword ptr fs:[00000030h] 3_2_0160E53E
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160E53E mov eax, dword ptr fs:[00000030h] 3_2_0160E53E
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160E53E mov eax, dword ptr fs:[00000030h] 3_2_0160E53E
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160E53E mov eax, dword ptr fs:[00000030h] 3_2_0160E53E
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160E53E mov eax, dword ptr fs:[00000030h] 3_2_0160E53E
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01676500 mov eax, dword ptr fs:[00000030h] 3_2_01676500
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0535 mov eax, dword ptr fs:[00000030h] 3_2_015F0535
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0535 mov eax, dword ptr fs:[00000030h] 3_2_015F0535
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0535 mov eax, dword ptr fs:[00000030h] 3_2_015F0535
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0535 mov eax, dword ptr fs:[00000030h] 3_2_015F0535
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0535 mov eax, dword ptr fs:[00000030h] 3_2_015F0535
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0535 mov eax, dword ptr fs:[00000030h] 3_2_015F0535
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B4500 mov eax, dword ptr fs:[00000030h] 3_2_016B4500
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B4500 mov eax, dword ptr fs:[00000030h] 3_2_016B4500
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B4500 mov eax, dword ptr fs:[00000030h] 3_2_016B4500
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B4500 mov eax, dword ptr fs:[00000030h] 3_2_016B4500
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B4500 mov eax, dword ptr fs:[00000030h] 3_2_016B4500
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B4500 mov eax, dword ptr fs:[00000030h] 3_2_016B4500
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016B4500 mov eax, dword ptr fs:[00000030h] 3_2_016B4500
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0160E5E7
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0160E5E7
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0160E5E7
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0160E5E7
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0160E5E7
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0160E5E7
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0160E5E7
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0160E5E7
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161C5ED mov eax, dword ptr fs:[00000030h] 3_2_0161C5ED
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161C5ED mov eax, dword ptr fs:[00000030h] 3_2_0161C5ED
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E65D0 mov eax, dword ptr fs:[00000030h] 3_2_015E65D0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161E5CF mov eax, dword ptr fs:[00000030h] 3_2_0161E5CF
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161E5CF mov eax, dword ptr fs:[00000030h] 3_2_0161E5CF
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161A5D0 mov eax, dword ptr fs:[00000030h] 3_2_0161A5D0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161A5D0 mov eax, dword ptr fs:[00000030h] 3_2_0161A5D0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E25E0 mov eax, dword ptr fs:[00000030h] 3_2_015E25E0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016605A7 mov eax, dword ptr fs:[00000030h] 3_2_016605A7
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016605A7 mov eax, dword ptr fs:[00000030h] 3_2_016605A7
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016605A7 mov eax, dword ptr fs:[00000030h] 3_2_016605A7
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016045B1 mov eax, dword ptr fs:[00000030h] 3_2_016045B1
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016045B1 mov eax, dword ptr fs:[00000030h] 3_2_016045B1
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E2582 mov eax, dword ptr fs:[00000030h] 3_2_015E2582
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E2582 mov ecx, dword ptr fs:[00000030h] 3_2_015E2582
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01614588 mov eax, dword ptr fs:[00000030h] 3_2_01614588
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161E59C mov eax, dword ptr fs:[00000030h] 3_2_0161E59C
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015D645D mov eax, dword ptr fs:[00000030h] 3_2_015D645D
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0166C460 mov ecx, dword ptr fs:[00000030h] 3_2_0166C460
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160A470 mov eax, dword ptr fs:[00000030h] 3_2_0160A470
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160A470 mov eax, dword ptr fs:[00000030h] 3_2_0160A470
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160A470 mov eax, dword ptr fs:[00000030h] 3_2_0160A470
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h] 3_2_0161E443
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h] 3_2_0161E443
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h] 3_2_0161E443
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h] 3_2_0161E443
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h] 3_2_0161E443
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h] 3_2_0161E443
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h] 3_2_0161E443
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h] 3_2_0161E443
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0160245A mov eax, dword ptr fs:[00000030h] 3_2_0160245A
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0169A456 mov eax, dword ptr fs:[00000030h] 3_2_0169A456
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01666420 mov eax, dword ptr fs:[00000030h] 3_2_01666420
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01666420 mov eax, dword ptr fs:[00000030h] 3_2_01666420
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01666420 mov eax, dword ptr fs:[00000030h] 3_2_01666420
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01666420 mov eax, dword ptr fs:[00000030h] 3_2_01666420
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01666420 mov eax, dword ptr fs:[00000030h] 3_2_01666420
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01666420 mov eax, dword ptr fs:[00000030h] 3_2_01666420
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01666420 mov eax, dword ptr fs:[00000030h] 3_2_01666420
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161A430 mov eax, dword ptr fs:[00000030h] 3_2_0161A430
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01618402 mov eax, dword ptr fs:[00000030h] 3_2_01618402
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01618402 mov eax, dword ptr fs:[00000030h] 3_2_01618402
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01618402 mov eax, dword ptr fs:[00000030h] 3_2_01618402
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DC427 mov eax, dword ptr fs:[00000030h] 3_2_015DC427
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DE420 mov eax, dword ptr fs:[00000030h] 3_2_015DE420
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DE420 mov eax, dword ptr fs:[00000030h] 3_2_015DE420
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015DE420 mov eax, dword ptr fs:[00000030h] 3_2_015DE420
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E04E5 mov ecx, dword ptr fs:[00000030h] 3_2_015E04E5
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016144B0 mov ecx, dword ptr fs:[00000030h] 3_2_016144B0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0166A4B0 mov eax, dword ptr fs:[00000030h] 3_2_0166A4B0
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0169A49A mov eax, dword ptr fs:[00000030h] 3_2_0169A49A
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E64AB mov eax, dword ptr fs:[00000030h] 3_2_015E64AB
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E0750 mov eax, dword ptr fs:[00000030h] 3_2_015E0750
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161674D mov esi, dword ptr fs:[00000030h] 3_2_0161674D
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161674D mov eax, dword ptr fs:[00000030h] 3_2_0161674D
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161674D mov eax, dword ptr fs:[00000030h] 3_2_0161674D
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E8770 mov eax, dword ptr fs:[00000030h] 3_2_015E8770
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h] 3_2_015F0770
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h] 3_2_015F0770
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h] 3_2_015F0770
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h] 3_2_015F0770
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h] 3_2_015F0770
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h] 3_2_015F0770
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h] 3_2_015F0770
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h] 3_2_015F0770
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h] 3_2_015F0770
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h] 3_2_015F0770
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h] 3_2_015F0770
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h] 3_2_015F0770
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622750 mov eax, dword ptr fs:[00000030h] 3_2_01622750
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622750 mov eax, dword ptr fs:[00000030h] 3_2_01622750
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01664755 mov eax, dword ptr fs:[00000030h] 3_2_01664755
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0166E75D mov eax, dword ptr fs:[00000030h] 3_2_0166E75D
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161C720 mov eax, dword ptr fs:[00000030h] 3_2_0161C720
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161C720 mov eax, dword ptr fs:[00000030h] 3_2_0161C720
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E0710 mov eax, dword ptr fs:[00000030h] 3_2_015E0710
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0165C730 mov eax, dword ptr fs:[00000030h] 3_2_0165C730
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161273C mov eax, dword ptr fs:[00000030h] 3_2_0161273C
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161273C mov ecx, dword ptr fs:[00000030h] 3_2_0161273C
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161273C mov eax, dword ptr fs:[00000030h] 3_2_0161273C
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0161C700 mov eax, dword ptr fs:[00000030h] 3_2_0161C700
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01610710 mov eax, dword ptr fs:[00000030h] 3_2_01610710
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0166E7E1 mov eax, dword ptr fs:[00000030h] 3_2_0166E7E1
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016027ED mov eax, dword ptr fs:[00000030h] 3_2_016027ED
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016027ED mov eax, dword ptr fs:[00000030h] 3_2_016027ED
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016027ED mov eax, dword ptr fs:[00000030h] 3_2_016027ED
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtResumeThread: Direct from: 0x773836AC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtMapViewOfSection: Direct from: 0x77382D1C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtWriteVirtualMemory: Direct from: 0x77382E3C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtProtectVirtualMemory: Direct from: 0x77382F9C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtSetInformationThread: Direct from: 0x773763F9
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtCreateMutant: Direct from: 0x773835CC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtNotifyChangeKey: Direct from: 0x77383C2C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtSetInformationProcess: Direct from: 0x77382C5C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtCreateUserProcess: Direct from: 0x7738371C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtQueryInformationProcess: Direct from: 0x77382C26
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtResumeThread: Direct from: 0x77382FBC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtWriteVirtualMemory: Direct from: 0x7738490C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtOpenKeyEx: Direct from: 0x77383C9C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtReadFile: Direct from: 0x77382ADC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtAllocateVirtualMemory: Direct from: 0x77382BFC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtDelayExecution: Direct from: 0x77382DDC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtQuerySystemInformation: Direct from: 0x77382DFC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtOpenSection: Direct from: 0x77382E0C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtQueryVolumeInformationFile: Direct from: 0x77382F2C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtQuerySystemInformation: Direct from: 0x773848CC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtReadVirtualMemory: Direct from: 0x77382E8C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtCreateKey: Direct from: 0x77382C6C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtClose: Direct from: 0x77382B6C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtAllocateVirtualMemory: Direct from: 0x773848EC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtQueryAttributesFile: Direct from: 0x77382E6C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtSetInformationThread: Direct from: 0x77382B4C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtTerminateThread: Direct from: 0x77382FCC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtQueryInformationToken: Direct from: 0x77382CAC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtOpenKeyEx: Direct from: 0x77382B9C
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtQueryValueKey: Direct from: 0x77382BEC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtDeviceIoControlFile: Direct from: 0x77382AEC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtCreateFile: Direct from: 0x77382FEC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtOpenFile: Direct from: 0x77382DCC
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe NtProtectVirtualMemory: Direct from: 0x77377B2E
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory written: C:\Users\user\Desktop\Purchase Order_20240528.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: NULL target: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe protection: execute and read and write
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: NULL target: C:\Windows\SysWOW64\nslookup.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: NULL target: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe protection: read write
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: NULL target: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\nslookup.exe Thread register set: target process: 644
Source: C:\Windows\SysWOW64\nslookup.exe Thread APC queued: target process: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Process created: C:\Users\user\Desktop\Purchase Order_20240528.exe "C:\Users\user\Desktop\Purchase Order_20240528.exe"
Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Process created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"
Source: C:\Windows\SysWOW64\nslookup.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538343573.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000000.2133422520.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000000.2286187191.00000000010C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: IProgram Manager
Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538343573.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000000.2133422520.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000000.2286187191.00000000010C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538343573.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000000.2133422520.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000000.2286187191.00000000010C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538343573.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000000.2133422520.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000000.2286187191.00000000010C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Queries volume information: C:\Users\user\Desktop\Purchase Order_20240528.exe VolumeInformation
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\nslookup.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Remote Access Functionality

Source: Yara match File source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY